Weekly Vulnerabilities Reports > January 9 to 15, 2023

Overview

694 new vulnerabilities reported during this period, including 168 critical vulnerabilities and 291 high severity vulnerabilities. This weekly summary report vulnerabilities in 1046 products from 232 vendors including Microsoft, Insteon, Qualcomm, AMD, and Juniper. Vulnerabilities are notably categorized as "SQL Injection", "Stack-based Buffer Overflow", "Out-of-bounds Write", "Cross-site Scripting", and "Improper Input Validation".

  • 486 reported vulnerabilities are remotely exploitables.
  • 183 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 339 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 98 reported vulnerabilities.
  • Insteon has the most reported critical vulnerabilities, with 80 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

168 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-11 CVE-2017-16256 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16257 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16258 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16259 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16260 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16262 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16263 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16264 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16265 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16266 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16267 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16268 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16269 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16270 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16271 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16272 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16273 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16274 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16275 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16276 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16277 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16278 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16279 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16280 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16281 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16282 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16283 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16284 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16285 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16286 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16287 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16288 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16289 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16290 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16291 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16292 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16293 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16294 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16295 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16296 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16297 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16298 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16299 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16300 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16301 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16302 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16303 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16304 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16305 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16306 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16307 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16308 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16309 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16310 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16311 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16312 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16313 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16314 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16315 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16316 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16317 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16318 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16319 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16320 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16321 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16322 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16323 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16324 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16325 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16326 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16327 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16328 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16329 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16330 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16331 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16332 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16333 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16334 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16335 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-11 CVE-2017-16336 Insteon Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

9.9
2023-01-15 CVE-2023-0307 Phpmyfaq Weak Password Requirements vulnerability in PHPmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8
2023-01-15 CVE-2023-0311 Phpmyfaq Improper Authentication vulnerability in PHPmyfaq

Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8
2023-01-15 CVE-2018-25075 Obridge Project SQL Injection vulnerability in Obridge Project Obridge

A vulnerability classified as critical has been found in karsany OBridge up to 1.3.

9.8
2023-01-15 CVE-2016-15018 Krail JPA Project SQL Injection vulnerability in Krail-Jpa Project Krail-Jpa

A vulnerability was found in krail-jpa up to 0.9.1.

9.8
2023-01-15 CVE-2015-10050 Mirna Database BY PHP Mysql Project SQL Injection vulnerability in Mirna Database BY PHP Mysql Project Mirna Database BY PHP Mysql

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql.

9.8
2023-01-15 CVE-2015-10051 Discussion Board Project SQL Injection vulnerability in Discussion-Board Project Discussion-Board

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board.

9.8
2023-01-15 CVE-2015-10044 Sqldump Project SQL Injection vulnerability in Sqldump Project Sqldump

A vulnerability classified as critical was found in gophergala sqldump.

9.8
2023-01-15 CVE-2015-10045 Project Todolist Project SQL Injection vulnerability in Project Todolist Project Todolist

A vulnerability, which was classified as critical, was found in tutrantta project_todolist.

9.8
2023-01-15 CVE-2015-10046 Lolfeedback Project SQL Injection vulnerability in Lolfeedback Project Lolfeedback

A vulnerability has been found in lolfeedback and classified as critical.

9.8
2023-01-15 CVE-2015-10047 School Register Project SQL Injection vulnerability in School-Register Project School-Register

A vulnerability was found in KYUUBl school-register.

9.8
2023-01-15 CVE-2015-10048 Desafio Buzz Woody Project SQL Injection vulnerability in Desafio Buzz Woody Project Desafio Buzz Woody

A vulnerability was found in bmattoso desafio_buzz_woody.

9.8
2023-01-15 CVE-2014-125077 Searx Stats Project SQL Injection vulnerability in Searx Stats Project Searx Stats

A vulnerability, which was classified as critical, has been found in pointhi searx_stats.

9.8
2023-01-15 CVE-2014-125079 Pontifex Http Project SQL Injection vulnerability in Pontifex.Http Project Pontifex.Http

A vulnerability was found in agy pontifex.http.

9.8
2023-01-15 CVE-2022-4889 Stracker Project SQL Injection vulnerability in Stracker Project Stracker

A vulnerability classified as critical was found in visegripped Stracker.

9.8
2023-01-14 CVE-2015-10020 Cis450Project Project SQL Injection vulnerability in Cis450Project Project Cis450Project

A vulnerability has been found in ssn2013 cis450Project and classified as critical.

9.8
2023-01-14 CVE-2023-0299 Publify Project Improper Input Validation vulnerability in Publify Project Publify

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

9.8
2023-01-14 CVE-2022-1812 Publify Project Integer Overflow or Wraparound vulnerability in Publify Project Publify

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

9.8
2023-01-14 CVE-2023-0297 Pyload Code Injection vulnerability in Pyload

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

9.8
2023-01-14 CVE-2023-22480 Fit2Cloud Incorrect Authorization vulnerability in Fit2Cloud Kubeoperator

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters.

9.8
2023-01-14 CVE-2023-22495 Maif Use of Hard-coded Credentials vulnerability in Maif Izanami

Izanami is a shared configuration service well-suited for micro-service architecture implementation.

9.8
2023-01-14 CVE-2023-22496 Netdata Command Injection vulnerability in Netdata

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting.

9.8
2023-01-13 CVE-2015-10042 Aibattle Project SQL Injection vulnerability in Aibattle Project Aibattle

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle.

9.8
2023-01-13 CVE-2017-20169 TON Masterserver Project SQL Injection vulnerability in Ton-Masterserver Project Ton-Masterserver

A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer.

9.8
2023-01-13 CVE-2022-45299 Webbrowser Project Path Traversal vulnerability in Webbrowser Project Webbrowser

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.

9.8
2023-01-13 CVE-2015-10041 Aibattle Project SQL Injection vulnerability in Aibattle Project Aibattle 20150810

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle.

9.8
2023-01-13 CVE-2022-46954 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.

9.8
2023-01-13 CVE-2022-46955 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.

9.8
2023-01-13 CVE-2023-0281 Online Flight Booking Management System Project SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System

A vulnerability was found in SourceCodester Online Flight Booking Management System.

9.8
2023-01-13 CVE-2023-0283 Online Flight Booking Management System Project SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System

A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System.

9.8
2023-01-13 CVE-2022-21191 Global Modules Path Project Unspecified vulnerability in Global-Modules-Path Project Global-Modules-Path

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

9.8
2023-01-13 CVE-2023-23566 Axigen Unspecified vulnerability in Axigen Mail Server 10.3.3.52

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.

9.8
2023-01-13 CVE-2022-46502 Online Student Enrollment System Project SQL Injection vulnerability in Online Student Enrollment System Project Online Student Enrollment System 1.0

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.

9.8
2023-01-13 CVE-2022-46471 Online Health Care System Project SQL Injection vulnerability in Online Health Care System Project Online Health Care System 1.0

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php.

9.8
2023-01-13 CVE-2022-46478 Datax WEB Project Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.

9.8
2023-01-12 CVE-2023-0256 Online Food Ordering System Project SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

A vulnerability was found in SourceCodester Online Food Ordering System 2.0.

9.8
2023-01-12 CVE-2023-0257 Online Food Ordering System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

A vulnerability was found in SourceCodester Online Food Ordering System 2.0.

9.8
2023-01-12 CVE-2013-10011 Classroom Engagement System Project SQL Injection vulnerability in Classroom-Engagement-System Project Classroom-Engagement-System

A vulnerability was found in aeharding classroom-engagement-system and classified as critical.

9.8
2023-01-12 CVE-2022-39184 Exfo Unspecified vulnerability in Exfo Bv-10 Firmware

EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.

9.8
2023-01-12 CVE-2022-39185 Exfo Use of Hard-coded Credentials vulnerability in Exfo Bv-10 Firmware

EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user.

9.8
2023-01-12 CVE-2022-3515 Gnupg
Gpg4Win
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser.
9.8
2023-01-12 CVE-2023-0243 Tuzicms Project SQL Injection vulnerability in Tuzicms Project Tuzicms 2.0.6

A vulnerability classified as critical has been found in TuziCMS 2.0.6.

9.8
2023-01-12 CVE-2023-0244 Tuzicms Project SQL Injection vulnerability in Tuzicms Project Tuzicms 2.0.6

A vulnerability classified as critical was found in TuziCMS 2.0.6.

9.8
2023-01-12 CVE-2023-0245 Online Flight Booking Management System Project SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System

A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System.

9.8
2023-01-11 CVE-2022-4498 TP Link Out-of-bounds Write vulnerability in Tp-Link Archer C5 Firmware and Tl-Wr710N Firmware

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow.

9.8
2023-01-11 CVE-2022-4873 Netcommwireless Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter.

9.8
2023-01-11 CVE-2014-125075 Gmail Servlet Project SQL Injection vulnerability in Gmail-Servlet Project Gmail-Servlet

A vulnerability was found in gmail-servlet and classified as critical.

9.8
2023-01-11 CVE-2014-125076 Criminals Project SQL Injection vulnerability in Criminals Project Criminals

A vulnerability was found in NoxxieNl Criminals.

9.8
2023-01-11 CVE-2022-40615 IBM SQL Injection vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection.

9.8
2023-01-11 CVE-2014-125074 Voyager Project SQL Injection vulnerability in Voyager Project Voyager

A vulnerability was found in Nayshlok Voyager.

9.8
2023-01-11 CVE-2017-20168 Piwallet Project SQL Injection vulnerability in Piwallet Project Piwallet

A vulnerability was found in jfm-so piWallet.

9.8
2023-01-11 CVE-2022-47859 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.

9.8
2023-01-11 CVE-2022-47860 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

9.8
2023-01-11 CVE-2022-47861 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

9.8
2023-01-11 CVE-2022-47862 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

9.8
2023-01-11 CVE-2022-47864 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

9.8
2023-01-11 CVE-2022-47865 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

9.8
2023-01-11 CVE-2022-47866 Lead Management System Project SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0

Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

9.8
2023-01-11 CVE-2022-34441 Dell Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.

9.8
2023-01-11 CVE-2022-34440 Dell Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.

9.8
2023-01-11 CVE-2015-10036 Dronfelipe Project SQL Injection vulnerability in Dronfelipe Project Dronfelipe

A vulnerability was found in kylebebak dronfelipe.

9.8
2023-01-11 CVE-2015-10037 ACI Escola Project SQL Injection vulnerability in ACI Escola Project ACI Escola

A vulnerability, which was classified as critical, was found in ACI_Escola.

9.8
2023-01-11 CVE-2022-48253 Nazgul Path Traversal vulnerability in Nazgul Nostromo

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server.

9.8
2023-01-11 CVE-2022-43389 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

9.8
2023-01-11 CVE-2022-48252 PI Alert Project OS Command Injection vulnerability in Pi.Alert Project Pi.Alert 1.0

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

9.8
2023-01-10 CVE-2022-4337 Openvswitch
Debian
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

9.8
2023-01-10 CVE-2022-4338 Openvswitch
Debian
Out-of-bounds Read vulnerability in multiple products

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

9.8
2023-01-10 CVE-2014-125073 Voteapp Project SQL Injection vulnerability in Voteapp Project Voteapp

A vulnerability was found in mapoor voteapp.

9.8
2023-01-10 CVE-2016-15017 Ecodev Path Traversal vulnerability in Ecodev Media Upload

A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical.

9.8
2023-01-10 CVE-2022-3792 Gullseye SQL Injection vulnerability in Gullseye Terminal Operating System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection.This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.

9.8
2023-01-10 CVE-2022-4422 Bulutses SQL Injection vulnerability in Bulutses Bulutdesk Callcenter

Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability.

9.8
2023-01-10 CVE-2022-43514 Siemens Path Traversal vulnerability in Siemens Automation License Manager

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2).

9.8
2023-01-10 CVE-2017-20166 Ecto Project Unspecified vulnerability in Ecto Project Ecto 2.2.0

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

9.8
2023-01-10 CVE-2023-22903 Librephotos Project Unspecified vulnerability in Librephotos Project Librephotos

api/views/user.py in LibrePhotos before e19e539 has incorrect access control.

9.8
2023-01-10 CVE-2023-0014 SAP Authentication Bypass by Capture-replay vulnerability in SAP products

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format.

9.8
2023-01-10 CVE-2023-0017 SAP Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system.

9.8
2023-01-09 CVE-2014-125071 Gribbit Project Origin Validation Error vulnerability in Gribbit Project Gribbit

A vulnerability was found in lukehutch Gribbit.

9.8
2023-01-09 CVE-2015-10034 Workout Organizer Project SQL Injection vulnerability in Workout-Organizer Project Workout-Organizer

A vulnerability has been found in j-nowak workout-organizer and classified as critical.

9.8
2023-01-09 CVE-2015-10035 Angular Test Reporter Project SQL Injection vulnerability in Angular-Test-Reporter Project Angular-Test-Reporter

A vulnerability was found in gperson angular-test-reporter and classified as critical.

9.8
2023-01-09 CVE-2022-47790 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.

9.8
2023-01-09 CVE-2021-4311 Talend XXE vulnerability in Talend Open Studio

A vulnerability classified as problematic was found in Talend Open Studio for MDM.

9.8
2023-01-09 CVE-2022-43974 Matrixssl Integer Overflow or Wraparound vulnerability in Matrixssl

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13.

9.8
2023-01-09 CVE-2022-33265 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.

9.8
2023-01-09 CVE-2022-25890 Wifey Project Unspecified vulnerability in Wifey Project Wifey

All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.

9.8
2023-01-11 CVE-2022-42967 Caret Cross-site Scripting vulnerability in Caret

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled.

9.6
2023-01-14 CVE-2023-22497 Netdata Exposure of Resource to Wrong Sphere vulnerability in Netdata

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting.

9.1
2023-01-13 CVE-2022-3782 Redhat Path Traversal vulnerability in Redhat Keycloak 20.0.2

keycloak: path traversal via double URL encoding.

9.1
2023-01-13 CVE-2022-4616 Deltaww Command Injection vulnerability in Deltaww Dx-3021L9 Firmware

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page.

9.1
2023-01-12 CVE-2023-22599 Inhandnetworks Use of a One-Way Hash with a Predictable Salt vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt.

9.1

291 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-14 CVE-2015-10043 Apollo Project Path Traversal vulnerability in Apollo Project Apollo

A vulnerability, which was classified as critical, was found in abreen Apollo.

8.8
2023-01-14 CVE-2023-22850 Tiki Deserialization of Untrusted Data vulnerability in Tiki

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.

8.8
2023-01-14 CVE-2022-41955 Autolabproject Command Injection vulnerability in Autolabproject Autolab

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web.

8.8
2023-01-14 CVE-2023-22853 Tiki Code Injection vulnerability in Tiki

Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.

8.8
2023-01-13 CVE-2022-42136 Mailenable Path Traversal vulnerability in Mailenable

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access.

8.8
2023-01-13 CVE-2022-42289 Nvidia OS Command Injection vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

8.8
2023-01-13 CVE-2022-42290 Nvidia OS Command Injection vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

8.8
2023-01-13 CVE-2022-42279 Nvidia OS Command Injection vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.

8.8
2023-01-13 CVE-2022-41778 Deltaww Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification.

8.8
2023-01-12 CVE-2022-42272 Nvidia Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.

8.8
2023-01-12 CVE-2022-42273 Nvidia Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

8.8
2023-01-12 CVE-2022-40983 QT Integer Overflow or Wraparound vulnerability in QT 6.3.2

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2.

8.8
2023-01-12 CVE-2022-43591 QT Heap-based Buffer Overflow vulnerability in QT 6.3.2

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2.

8.8
2023-01-12 CVE-2022-39182 Mingham Smith Unspecified vulnerability in Mingham-Smith Tardis 2000 1.6

H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges.

8.8
2023-01-12 CVE-2022-46367 Maxum Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.

8.8
2023-01-12 CVE-2022-46368 Maxum Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.

8.8
2023-01-12 CVE-2022-46372 Alotceriot Improper Input Validation vulnerability in Alotceriot Ar7088H-A Firmware

Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.

8.8
2023-01-11 CVE-2017-16261 Insteon Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012.

8.8
2023-01-11 CVE-2023-22952 Sugarcrm Improper Input Validation vulnerability in Sugarcrm 11.0.0/12.0.0

In SugarCRM before 12.0.

8.8
2023-01-11 CVE-2021-3966 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr

usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.

8.8
2023-01-11 CVE-2023-22959 Webchess Project SQL Injection vulnerability in Webchess Project Webchess 1.0.0

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

8.8
2023-01-11 CVE-2022-43390 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.

8.8
2023-01-10 CVE-2023-21549 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows SMB Witness Service Elevation of Privilege Vulnerability

8.8
2023-01-10 CVE-2023-21674 Microsoft Use After Free vulnerability in Microsoft products

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

8.8
2023-01-10 CVE-2023-21676 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

8.8
2023-01-10 CVE-2023-21681 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-01-10 CVE-2023-21732 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

8.8
2023-01-10 CVE-2023-21742 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2023-01-10 CVE-2023-21744 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2023-01-10 CVE-2022-38490 Easyvista SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03.

8.8
2023-01-10 CVE-2022-38492 Easyvista SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03.

8.8
2023-01-10 CVE-2022-45165 Archibus SQL Injection vulnerability in Archibus web Central 2022.03.01.107

An issue was discovered in Archibus Web Central 2022.03.01.107.

8.8
2023-01-10 CVE-2023-0128 Google Use After Free vulnerability in Google Chrome

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-01-10 CVE-2023-0129 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions.

8.8
2023-01-10 CVE-2023-0134 Google Use After Free vulnerability in Google Chrome

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page.

8.8
2023-01-10 CVE-2023-0135 Google Use After Free vulnerability in Google Chrome

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page.

8.8
2023-01-10 CVE-2023-0136 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page.

8.8
2023-01-10 CVE-2023-0137 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-01-10 CVE-2023-0138 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-01-10 CVE-2022-47083 Spitfire Project Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475

A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.

8.8
2023-01-10 CVE-2022-4700 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59.

8.8
2023-01-10 CVE-2022-4701 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59.

8.8
2023-01-10 CVE-2022-46610 72Crm Unrestricted Upload of File with Dangerous Type vulnerability in 72Crm Wukong CRM 9.0

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function.

8.8
2023-01-10 CVE-2022-45092 Siemens Path Traversal vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1).

8.8
2023-01-10 CVE-2022-45093 Siemens Path Traversal vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1).

8.8
2023-01-10 CVE-2022-45094 Siemens Command Injection vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1).

8.8
2023-01-10 CVE-2023-0016 SAP SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.

8.8
2023-01-10 CVE-2023-0022 SAP Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.

8.8
2023-01-09 CVE-2022-3417 Bravenewcode Unspecified vulnerability in Bravenewcode Wptouch

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.

8.8
2023-01-09 CVE-2022-3679 Kadencewp Unspecified vulnerability in Kadencewp Starter Templates 1.2.17

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

8.8
2023-01-09 CVE-2014-125072 Klattr Project SQL Injection vulnerability in Klattr Project Klattr

A vulnerability classified as critical has been found in CherishSin klattr.

8.8
2023-01-09 CVE-2023-22472 Nextcloud Cross-Site Request Forgery (CSRF) vulnerability in Nextcloud Desktop 3.6.1

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.

8.8
2023-01-09 CVE-2022-2196 Linux
Debian
Insecure Default Initialization of Resource vulnerability in multiple products

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1.

8.8
2023-01-09 CVE-2022-22088 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote

8.8
2023-01-09 CVE-2022-35281 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Maximo Application Suite and Maximo Asset Management

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection.

8.8
2023-01-12 CVE-2023-22601 Inhandnetworks Use of Insufficiently Random Values vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters.

8.6
2023-01-12 CVE-2022-4037 Gitlab Race Condition vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

8.5
2023-01-12 CVE-2017-14454 Insteon Classic Buffer Overflow vulnerability in Insteon HUB Firmware 1012

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012.

8.5
2023-01-13 CVE-2022-46093 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

Hospital Management System v1.0 is vulnerable to SQL Injection.

8.2
2023-01-13 CVE-2022-42276 Nvidia Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

8.2
2023-01-13 CVE-2022-42277 Nvidia Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure.

8.2
2023-01-11 CVE-2022-43393 Zyxel Improper Check for Unusual or Exceptional Conditions vulnerability in Zyxel products

An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.

8.2
2023-01-14 CVE-2022-45353 Muffingroup Incorrect Authorization vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1

Broken Access Control in Betheme theme <= 26.6.1 on WordPress.

8.1
2023-01-12 CVE-2023-22600 Inhandnetworks Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control.

8.1
2023-01-10 CVE-2023-21535 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21543 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21546 Microsoft Race Condition vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21548 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21555 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21556 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2023-21679 Microsoft Race Condition vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

8.1
2023-01-10 CVE-2022-35401 Asus Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230.

8.1
2023-01-10 CVE-2022-4703 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59.

8.1
2023-01-10 CVE-2022-4704 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59.

8.1
2023-01-11 CVE-2015-10038 Pplv2 Project SQL Injection vulnerability in Pplv2 Project Pplv2

A vulnerability was found in nym3r0s pplv2.

8.0
2023-01-11 CVE-2015-10039 Domino Project SQL Injection vulnerability in Domino Project Domino

A vulnerability was found in dobos domino.

8.0
2023-01-11 CVE-2020-36650 GRY Project Command Injection vulnerability in GRY Project GRY

A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x.

8.0
2023-01-11 CVE-2022-4428 Cloudflare Improper Input Validation vulnerability in Cloudflare Warp

support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option.

8.0
2023-01-10 CVE-2023-21745 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.0
2023-01-10 CVE-2023-21762 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.0
2023-01-15 CVE-2023-0302 Radare Injection vulnerability in Radare Radare2

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.

7.8
2023-01-13 CVE-2023-21594 Adobe Heap-based Buffer Overflow vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21595 Adobe Out-of-bounds Write vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21596 Adobe Improper Input Validation vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21587 Adobe Heap-based Buffer Overflow vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21588 Adobe Improper Input Validation vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21589 Adobe Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-21590 Adobe Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-01-13 CVE-2023-0288 VIM Heap-based Buffer Overflow vulnerability in VIM

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

7.8
2023-01-13 CVE-2022-3841 Redhat Server-Side Request Forgery (SSRF) vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0

RHACM: unauthenticated SSRF in console API endpoint.

7.8
2023-01-13 CVE-2022-42268 Nvidia Code Injection vulnerability in Nvidia products

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima.

7.8
2023-01-13 CVE-2022-42286 Nvidia Unspecified vulnerability in Nvidia Sbios

DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.

7.8
2023-01-13 CVE-2022-42287 Nvidia Unrestricted Upload of File with Dangerous Type vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.

7.8
2023-01-13 CVE-2022-42278 Nvidia Unspecified vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.

7.8
2023-01-13 CVE-2022-42280 Nvidia Path Traversal vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.

7.8
2023-01-13 CVE-2022-42283 Nvidia Classic Buffer Overflow vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

7.8
2023-01-13 CVE-2022-42285 Nvidia Unspecified vulnerability in Nvidia Sbios

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

7.8
2023-01-13 CVE-2022-3159 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files.

7.8
2023-01-13 CVE-2022-3160 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files.

7.8
2023-01-13 CVE-2022-3161 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files.

7.8
2023-01-13 CVE-2022-42274 Nvidia Classic Buffer Overflow vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

7.8
2023-01-13 CVE-2023-23559 Linux
Netapp
Debian
Integer Overflow or Wraparound vulnerability in multiple products

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

7.8
2023-01-12 CVE-2022-46623 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.

7.8
2023-01-12 CVE-2022-3977 Linux Use After Free vulnerability in Linux Kernel 6.1

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality.

7.8
2023-01-12 CVE-2023-0247 Bloom Project Uncontrolled Search Path Element vulnerability in Bloom Project Bloom

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.

7.8
2023-01-11 CVE-2022-4696 Linux Use After Free vulnerability in Linux Kernel

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation.

7.8
2023-01-11 CVE-2021-26316 AMD Improper Input Validation vulnerability in AMD products

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.

7.8
2023-01-11 CVE-2021-26398 AMD Out-of-bounds Write vulnerability in AMD products

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

7.8
2023-01-11 CVE-2021-26409 AMD Classic Buffer Overflow vulnerability in AMD Milanpi Firmware

Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.

7.8
2023-01-11 CVE-2022-42271 Nvidia Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

7.8
2023-01-10 CVE-2023-21524 Microsoft Unspecified vulnerability in Microsoft products

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21537 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21541 Microsoft Unspecified vulnerability in Microsoft products

Windows Task Scheduler Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21551 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21552 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21558 Microsoft Unspecified vulnerability in Microsoft products

Windows Error Reporting Service Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21561 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21675 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21678 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21680 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21724 Microsoft Unspecified vulnerability in Microsoft products

Microsoft DWM Core Library Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21726 Microsoft Unspecified vulnerability in Microsoft products

Windows Credential Manager User Interface Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21730 Microsoft Improper Privilege Management vulnerability in Microsoft products

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21734 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21735 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21736 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21737 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21738 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21746 Microsoft Unspecified vulnerability in Microsoft products

Windows NTLM Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21747 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21748 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21749 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21754 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21755 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21763 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21764 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21765 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21767 Microsoft Unspecified vulnerability in Microsoft products

Windows Overlay Filter Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21768 Microsoft Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21772 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21773 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21774 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-01-10 CVE-2023-21779 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21780 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21781 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21782 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21783 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21784 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21785 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21786 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21787 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21788 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21789 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21790 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21791 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21792 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2023-21793 Microsoft Unspecified vulnerability in Microsoft 3D Builder

3D Builder Remote Code Execution Vulnerability

7.8
2023-01-10 CVE-2022-36443 Zebra Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19

An issue was discovered in Zebra Enterprise Home Screen 4.1.19.

7.8
2023-01-10 CVE-2022-47935 Siemens Out-of-bounds Write vulnerability in Siemens JT Open Toolkit, JT Utilities and Solid Edge

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023).

7.8
2023-01-10 CVE-2022-47967 Siemens Out-of-bounds Write vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1).

7.8
2023-01-10 CVE-2022-4294 Avira
Norton
Avast
AVG
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
7.8
2023-01-09 CVE-2022-36925 Zoom Use of Hard-coded Credentials vulnerability in Zoom Rooms

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism.

7.8
2023-01-09 CVE-2022-36926 Zoom Unspecified vulnerability in Zoom Rooms

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability.

7.8
2023-01-09 CVE-2022-36927 Zoom Unspecified vulnerability in Zoom Rooms

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability.

7.8
2023-01-09 CVE-2022-36929 Zoom Unspecified vulnerability in Zoom Rooms

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability.

7.8
2023-01-09 CVE-2022-36930 Zoom Unspecified vulnerability in Zoom Rooms

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability.

7.8
2023-01-09 CVE-2022-23508 Weave Files or Directories Accessible to External Parties vulnerability in Weave Gitops

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.

7.8
2023-01-09 CVE-2022-25715 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields

7.8
2023-01-09 CVE-2022-25717 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in display due to double free while allocating frame buffer memory

7.8
2023-01-09 CVE-2022-25721 Qualcomm Type Confusion vulnerability in Qualcomm products

Memory corruption in video driver due to type confusion error during video playback

7.8
2023-01-09 CVE-2022-25746 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.

7.8
2023-01-09 CVE-2022-33218 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Automotive due to improper input validation.

7.8
2023-01-09 CVE-2022-33219 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.

7.8
2023-01-09 CVE-2022-33266 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.

7.8
2023-01-09 CVE-2022-33274 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.

7.8
2023-01-09 CVE-2022-33276 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.

7.8
2023-01-09 CVE-2022-33300 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Automotive Android OS due to improper input validation.

7.8
2023-01-09 CVE-2022-40516 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Core due to stack-based buffer overflow.

7.8
2023-01-09 CVE-2022-40517 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in core due to stack-based buffer overflow

7.8
2023-01-09 CVE-2022-40520 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to stack-based buffer overflow in Core

7.8
2023-01-09 CVE-2022-43662 Openharmony
Openatom
Out-of-bounds Write vulnerability in multiple products

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime.

7.8
2023-01-09 CVE-2022-45126 Openharmony
Openatom
Out-of-bounds Write vulnerability in multiple products

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

7.8
2023-01-09 CVE-2023-0035 Openatom Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8
2023-01-09 CVE-2023-0036 Openatom Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8
2023-01-12 CVE-2017-5242 Rapid7 Use of Insufficiently Random Values vulnerability in Rapid7 Insightvm

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys.

7.7
2023-01-15 CVE-2016-15019 Jekbox Project Path Traversal vulnerability in Jekbox Project Jekbox

A vulnerability was found in tombh jekbox.

7.5
2023-01-15 CVE-2023-0303 Online Food Ordering System V2 Project SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2

A vulnerability was found in SourceCodester Online Food Ordering System.

7.5
2023-01-15 CVE-2023-0304 Online Food Ordering System V2 Project SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2

A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System.

7.5
2023-01-15 CVE-2023-0305 Online Food Ordering System V2 Project SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System.

7.5
2023-01-15 CVE-2023-23595 Bluecatnetworks XXE vulnerability in Bluecatnetworks Device Registration Portal 2.2

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files.

7.5
2023-01-15 CVE-2023-23590 Mercedes Benz Unspecified vulnerability in Mercedes-Benz Xentry Retail Data Storage Firmware 7.8.1

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request.

7.5
2023-01-14 CVE-2023-22602 Apache
Vmware
Interpretation Conflict vulnerability in multiple products

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques.

7.5
2023-01-14 CVE-2023-22478 Fit2Cloud Missing Authorization vulnerability in Fit2Cloud Kubepi

KubePi is a modern Kubernetes panel.

7.5
2023-01-13 CVE-2022-41721 Golang HTTP Request Smuggling vulnerability in Golang H2C

A request smuggling attack is possible when using MaxBytesHandler.

7.5
2023-01-13 CVE-2021-36204 Johnsoncontrols Insufficiently Protected Credentials vulnerability in Johnsoncontrols products

Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.

7.5
2023-01-13 CVE-2023-22493 Rsshub Server-Side Request Forgery (SSRF) vulnerability in Rsshub 20210125

RSSHub is an open source RSS feed generator.

7.5
2023-01-13 CVE-2022-3693 Fileorbis Path Traversal vulnerability in Fileorbis

The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability.

7.5
2023-01-13 CVE-2022-48256 Technitium Infinite Loop vulnerability in Technitium DNS Server

Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.

7.5
2023-01-13 CVE-2022-46463 Linuxfoundation Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.

7.5
2023-01-13 CVE-2023-22391 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22393 Juniper Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22394 Juniper Unspecified vulnerability in Juniper Junos

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS).

7.5
2023-01-13 CVE-2023-22396 Juniper Resource Exhaustion vulnerability in Juniper Junos

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22399 Juniper Classic Buffer Overflow vulnerability in Juniper Junos

When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition.

7.5
2023-01-13 CVE-2023-22400 Juniper Resource Exhaustion vulnerability in Juniper Junos OS Evolved

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22401 Juniper Improper Validation of Array Index vulnerability in Juniper Junos and Junos OS Evolved

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22403 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology.

7.5
2023-01-13 CVE-2023-22408 Juniper Improper Validation of Array Index vulnerability in Juniper Junos

An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22411 Juniper Out-of-bounds Write vulnerability in Juniper Junos

An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22412 Juniper Improper Locking vulnerability in Juniper Junos

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22413 Juniper Unspecified vulnerability in Juniper Junos

An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22415 Juniper Out-of-bounds Write vulnerability in Juniper Junos

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22416 Juniper Classic Buffer Overflow vulnerability in Juniper Junos

A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

7.5
2023-01-13 CVE-2023-22417 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

7.5
2023-01-12 CVE-2022-25026 Rocketsoftware Server-Side Request Forgery (SSRF) vulnerability in Rocketsoftware Trufusion Enterprise

A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.

7.5
2023-01-12 CVE-2022-25027 Rocketsoftware Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rocketsoftware Trufusion Enterprise

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.

7.5
2023-01-12 CVE-2022-4743 Libsdl
Redhat
Memory Leak vulnerability in multiple products

A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c.

7.5
2023-01-12 CVE-2022-46370 Maxum Insufficient Verification of Data Authenticity vulnerability in Maxum Rumpus

Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.

7.5
2023-01-12 CVE-2022-3613 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

7.5
2023-01-12 CVE-2022-4167 Gitlab Incorrect Authorization vulnerability in Gitlab

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

7.5
2023-01-11 CVE-2022-4874 Netcommwireless Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware

Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content.

7.5
2023-01-11 CVE-2022-4499 TP Link Information Exposure Through Discrepancy vulnerability in Tp-Link Archer C5 Firmware and Tl-Wr710N Firmware

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack.

7.5
2023-01-11 CVE-2018-25074 Skeemas Project Unspecified vulnerability in Skeemas Project Skeemas

A vulnerability was found in Prestaul skeemas and classified as problematic.

7.5
2023-01-11 CVE-2020-36649 Papaparse Unspecified vulnerability in Papaparse 5.1.0/5.1.1

A vulnerability was found in mholt PapaParse up to 5.1.x.

7.5
2023-01-11 CVE-2023-20522 AMD Improper Input Validation vulnerability in AMD Milanpi Firmware and Romepi Firmware

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.

7.5
2023-01-11 CVE-2023-20529 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

7.5
2023-01-11 CVE-2023-20530 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

7.5
2023-01-11 CVE-2023-20531 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.

7.5
2023-01-10 CVE-2022-46449 Musicpd Out-of-bounds Write vulnerability in Musicpd Music Player Daemon 0.23.10

An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5
2023-01-10 CVE-2022-4379 Linux
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.

7.5
2023-01-10 CVE-2023-21527 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Service Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21538 Microsoft
Fedoraproject
.NET Denial of Service Vulnerability
7.5
2023-01-10 CVE-2023-21539 Microsoft Unspecified vulnerability in Microsoft products

Windows Authentication Remote Code Execution Vulnerability

7.5
2023-01-10 CVE-2023-21547 Microsoft Resource Exhaustion vulnerability in Microsoft products

Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21557 Microsoft Resource Exhaustion vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21677 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21683 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21728 Microsoft Unspecified vulnerability in Microsoft products

Windows Netlogon Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21757 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21758 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

7.5
2023-01-10 CVE-2023-21761 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Information Disclosure Vulnerability

7.5
2023-01-10 CVE-2022-38105 Asus Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service.

7.5
2023-01-10 CVE-2022-38393 Asus Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service.

7.5
2023-01-10 CVE-2022-38491 Easyvista Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03.

7.5
2023-01-10 CVE-2022-46163 Opensuse SQL Injection vulnerability in Opensuse Travel Support Program

Travel support program is a rails app to support the travel support program of openSUSE (TSP).

7.5
2023-01-10 CVE-2022-4636 Blackbox Path Traversal vulnerability in Blackbox products

Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.

7.5
2023-01-10 CVE-2022-43513 Siemens Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Automation License Manager

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2).

7.5
2023-01-10 CVE-2022-48251 ARM Information Exposure Through Discrepancy vulnerability in ARM products

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks.

7.5
2023-01-10 CVE-2023-22320 Openam Path Traversal vulnerability in Openam 4.1.0

OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22).

7.5
2023-01-10 CVE-2023-22895 Bzip2 Project Integer Overflow or Wraparound vulnerability in Bzip2 Project Bzip2

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs.

7.5
2023-01-09 CVE-2022-43972 Linksys NULL Pointer Dereference vulnerability in Linksys Wrt54Gl Firmware

A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.

7.5
2023-01-09 CVE-2023-22477 Mercurius Project Unspecified vulnerability in Mercurius Project Mercurius

Mercurius is a GraphQL adapter for Fastify.

7.5
2023-01-09 CVE-2017-20165 Debug Project Unspecified vulnerability in Debug Project Debug

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x.

7.5
2023-01-09 CVE-2022-33290 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

7.5
2023-01-09 CVE-2022-33299 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

7.5
2023-01-13 CVE-2022-3143 Redhat Information Exposure Through Discrepancy vulnerability in Redhat products

wildfly-elytron: possible timing attacks via use of unsafe comparator.

7.4
2023-01-13 CVE-2023-21597 Adobe Out-of-bounds Write vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.3
2023-01-11 CVE-2023-22947 Shibboleth Uncontrolled Search Path Element vulnerability in Shibboleth Service Provider

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder.

7.3
2023-01-14 CVE-2023-22851 Tiki Unrestricted Upload of File with Dangerous Type vulnerability in Tiki

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.

7.2
2023-01-13 CVE-2022-46946 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.

7.2
2023-01-13 CVE-2022-46947 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

7.2
2023-01-13 CVE-2022-46949 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.

7.2
2023-01-13 CVE-2022-46950 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.

7.2
2023-01-13 CVE-2022-46951 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.

7.2
2023-01-13 CVE-2022-46952 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.

7.2
2023-01-13 CVE-2022-46953 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.

7.2
2023-01-13 CVE-2022-46956 Dynamic Transaction Queuing System Project SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

7.2
2023-01-12 CVE-2023-22598 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

7.2
2023-01-12 CVE-2022-46472 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.

7.2
2023-01-09 CVE-2022-3416 Bravenewcode Unspecified vulnerability in Bravenewcode Wptouch

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

7.2
2023-01-09 CVE-2022-4043 WP Custom Admin Interface Project Unspecified vulnerability in WP Custom Admin Interface Project WP Custom Admin Interface

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

7.2
2023-01-09 CVE-2022-43970 Linksys Out-of-bounds Write vulnerability in Linksys Wrt54Gl Firmware

A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.

7.2
2023-01-09 CVE-2022-43971 Linksys OS Command Injection vulnerability in Linksys Wumc710 Firmware 1.0.02

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3).

7.2
2023-01-09 CVE-2022-43973 Linksys OS Command Injection vulnerability in Linksys Wrt54Gl Firmware

An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006.

7.2
2023-01-13 CVE-2022-42275 Nvidia Missing Authentication for Critical Function vulnerability in Nvidia BMC

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections.

7.1
2023-01-12 CVE-2022-2155 Hitachienergy Unspecified vulnerability in Hitachienergy Lumada Asset Performance Management

A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature.

7.1
2023-01-11 CVE-2021-26402 AMD Out-of-bounds Write vulnerability in AMD products

Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.

7.1
2023-01-11 CVE-2021-46779 AMD Out-of-bounds Write vulnerability in AMD products

Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.

7.1
2023-01-10 CVE-2023-21741 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Information Disclosure Vulnerability

7.1
2023-01-10 CVE-2023-21750 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.1
2023-01-10 CVE-2023-21752 Microsoft Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows 7

Windows Backup Service Elevation of Privilege Vulnerability

7.1
2023-01-10 CVE-2023-21760 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.1
2023-01-10 CVE-2022-36441 Zebra Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19

An issue was discovered in Zebra Enterprise Home Screen 4.1.19.

7.1
2023-01-09 CVE-2022-36928 Zoom Path Traversal vulnerability in Zoom

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability.

7.1
2023-01-10 CVE-2023-21531 Microsoft Improper Privilege Management vulnerability in Microsoft Azure Service Fabric 8.2/9.0/9.1

Azure Service Fabric Container Elevation of Privilege Vulnerability

7.0
2023-01-10 CVE-2023-21532 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability

7.0
2023-01-10 CVE-2023-21542 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

7.0
2023-01-10 CVE-2023-21733 Microsoft Race Condition vulnerability in Microsoft products

Windows Bind Filter Driver Elevation of Privilege Vulnerability

7.0
2023-01-10 CVE-2023-21739 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Elevation of Privilege Vulnerability

7.0
2023-01-10 CVE-2023-21771 Microsoft Race Condition vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

7.0
2023-01-09 CVE-2022-25716 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption in Multimedia Framework due to unsafe access to the data members

7.0

226 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-10 CVE-2023-21563 Microsoft Unspecified vulnerability in Microsoft products

BitLocker Security Feature Bypass Vulnerability

6.8
2023-01-10 CVE-2022-38773 Siemens Unspecified vulnerability in Siemens products

Affected devices do not contain an Immutable Root of Trust in Hardware.

6.8
2023-01-13 CVE-2022-42281 Nvidia Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware

NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

6.7
2023-01-10 CVE-2023-0012 SAP Improper Access Control vulnerability in SAP Host Agent 7.21/7.22

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account.

6.7
2023-01-12 CVE-2022-3628 Linux Classic Buffer Overflow vulnerability in Linux Kernel 6.1

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver.

6.6
2023-01-10 CVE-2023-21560 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows Boot Manager Security Feature Bypass Vulnerability

6.6
2023-01-14 CVE-2022-2815 Publify Project Insecure Storage of Sensitive Information vulnerability in Publify Project Publify

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

6.5
2023-01-14 CVE-2023-0298 Firefly III Incorrect Authorization vulnerability in Firefly-Iii Firefly III

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

6.5
2023-01-14 CVE-2022-23532 Neo4J Path Traversal vulnerability in Neo4J Awesome Procedures on Cyper

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions.

6.5
2023-01-14 CVE-2022-41956 Autolabproject Path Traversal vulnerability in Autolabproject Autolab

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web.

6.5
2023-01-14 CVE-2023-22470 Nextcloud Improper Input Validation vulnerability in Nextcloud Deck

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.

6.5
2023-01-14 CVE-2023-22852 Tiki Cross-Site Request Forgery (CSRF) vulnerability in Tiki

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.

6.5
2023-01-14 CVE-2023-23589 Torproject
Debian
Fedoraproject
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
6.5
2023-01-13 CVE-2015-10040 Gitlearn Project Improper Encoding or Escaping of Output vulnerability in Gitlearn Project Gitlearn

A vulnerability was found in gitlearn.

6.5
2023-01-13 CVE-2022-48090 Hotel Management System Project SQL Injection vulnerability in Hotel Management System Project Hotel Management System 20220411

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.

6.5
2023-01-13 CVE-2023-0105 Redhat Improper Authentication vulnerability in Redhat Keycloak

A flaw was found in Keycloak.

6.5
2023-01-13 CVE-2023-22395 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

6.5
2023-01-13 CVE-2023-22404 Juniper Out-of-bounds Write vulnerability in Juniper Junos

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS).

6.5
2023-01-13 CVE-2023-22405 Juniper Unspecified vulnerability in Juniper Junos

An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources.

6.5
2023-01-13 CVE-2023-22406 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

6.5
2023-01-13 CVE-2023-22407 Juniper Incomplete Cleanup vulnerability in Juniper Junos

An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

6.5
2023-01-13 CVE-2023-22410 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).

6.5
2023-01-13 CVE-2023-22414 Juniper Memory Leak vulnerability in Juniper Junos

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.

6.5
2023-01-12 CVE-2022-3437 Samba
Fedoraproject
Heap-based Buffer Overflow vulnerability in multiple products

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal.

6.5
2023-01-12 CVE-2022-3592 Samba
Fedoraproject
Link Following vulnerability in multiple products

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path.

6.5
2023-01-12 CVE-2022-4345 Wireshark Infinite Loop vulnerability in Wireshark

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

6.5
2023-01-12 CVE-2023-0227 Pyload Insufficient Session Expiration vulnerability in Pyload

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.

6.5
2023-01-11 CVE-2022-34335 IBM Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service.

6.5
2023-01-11 CVE-2021-26403 AMD Unspecified vulnerability in AMD products

Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.

6.5
2023-01-11 CVE-2023-20525 AMD Improper Input Validation vulnerability in AMD products

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

6.5
2023-01-11 CVE-2023-20527 AMD Improper Input Validation vulnerability in AMD products

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

6.5
2023-01-11 CVE-2022-43391 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.

6.5
2023-01-11 CVE-2022-43392 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.

6.5
2023-01-10 CVE-2023-22479 Fit2Cloud Session Fixation vulnerability in Fit2Cloud Kubepi

KubePi is a modern Kubernetes panel.

6.5
2023-01-10 CVE-2023-0130 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2023-01-10 CVE-2023-0131 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page.

6.5
2023-01-10 CVE-2023-0132 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page.

6.5
2023-01-10 CVE-2023-0133 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page.

6.5
2023-01-10 CVE-2023-0139 Google Improper Input Validation vulnerability in Google Chrome

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

6.5
2023-01-10 CVE-2023-0140 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.

6.5
2023-01-10 CVE-2022-4702 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59.

6.5
2023-01-10 CVE-2022-4707 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59.

6.5
2023-01-10 CVE-2022-4708 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59.

6.5
2023-01-10 CVE-2022-4709 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59.

6.5
2023-01-10 CVE-2023-22898 Circl Improper Input Validation vulnerability in Circl Pandora

workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).

6.5
2023-01-09 CVE-2015-10033 Merlinsboard Project Incorrect Authorization vulnerability in Merlinsboard Project Merlinsboard

A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard.

6.5
2023-01-09 CVE-2022-46258 Github Incorrect Authorization vulnerability in Github Enterprise Server

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope.

6.5
2023-01-09 CVE-2022-33255 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.

6.5
2023-01-09 CVE-2022-33283 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.

6.5
2023-01-09 CVE-2022-33284 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.

6.5
2023-01-09 CVE-2022-33285 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

6.5
2023-01-09 CVE-2022-33286 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

6.5
2023-01-10 CVE-2022-4382 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found.

6.4
2023-01-10 CVE-2023-21725 Microsoft Race Condition vulnerability in Microsoft Windows Malicious Software Removal Tool 5.80

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

6.3
2023-01-15 CVE-2023-0312 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

6.1
2023-01-15 CVE-2023-0314 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

6.1
2023-01-15 CVE-2015-10052 Gibb Modul 151 Project Open Redirect vulnerability in Gibb-Modul-151 Project Gibb-Modul-151

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151.

6.1
2023-01-15 CVE-2015-10049 Course Builder Project Cross-site Scripting vulnerability in Course-Builder Project Course-Builder

A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic.

6.1
2023-01-14 CVE-2017-20167 Minichan Cross-site Scripting vulnerability in Minichan

A vulnerability, which was classified as problematic, was found in Minichan.

6.1
2023-01-14 CVE-2022-38467 Crmperks Cross-site Scripting vulnerability in Crmperks CRM Perks Forms

Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.

6.1
2023-01-13 CVE-2009-10001 Cool PHP Captcha Project Cross-site Scripting vulnerability in Cool-PHP-Captcha Project Cool-PHP-Captcha

A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2.

6.1
2023-01-13 CVE-2009-10002 Fittr Flickr Project Cross-site Scripting vulnerability in Fittr Flickr Project Fittr Flickr

A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr.

6.1
2023-01-13 CVE-2021-4312 Rapidleech Cross-site Scripting vulnerability in Rapidleech 2.3

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech.

6.1
2023-01-13 CVE-2021-46872 NIM Lang Cross-site Scripting vulnerability in Nim-Lang NIM and Nimforum

An issue was discovered in Nim before 1.6.2.

6.1
2023-01-13 CVE-2023-22397 Juniper Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos OS Evolved

An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin.

6.1
2023-01-12 CVE-2022-45728 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0

Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

6.1
2023-01-12 CVE-2022-45729 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.

6.1
2023-01-12 CVE-2022-46622 Judging Management System Project Cross-site Scripting vulnerability in Judging Management System Project Judging Management System 1.0

A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

6.1
2023-01-12 CVE-2023-0258 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

A vulnerability was found in SourceCodester Online Food Ordering System 2.0.

6.1
2023-01-12 CVE-2012-10005 PHP Form Builder Class Project Cross-site Scripting vulnerability in PHP-Form-Builder-Class Project PHP-Form-Builder-Class

A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic.

6.1
2023-01-12 CVE-2022-39183 Moodle Open Redirect vulnerability in Moodle Saml Authentication

Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.

6.1
2023-01-12 CVE-2022-39187 Maxum Cross-site Scripting vulnerability in Maxum Rumpus

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.

6.1
2023-01-12 CVE-2023-0042 Gitlab Open Redirect vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2.

6.1
2023-01-11 CVE-2013-10010 Zerochplus Project Cross-site Scripting vulnerability in Zerochplus Project Zerochplus

A vulnerability classified as problematic has been found in zerochplus.

6.1
2023-01-11 CVE-2018-25073 TS Ranksystem Cross-site Scripting vulnerability in Ts-Ranksystem Tsn-Ranksystem

A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic.

6.1
2023-01-11 CVE-2021-46767 AMD Improper Input Validation vulnerability in AMD Milanpi Firmware and Romepi Firmware

Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.

6.1
2023-01-11 CVE-2012-10004 Backdropcms Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1

A vulnerability was found in backdrop-contrib Basic Cart on Drupal.

6.1
2023-01-11 CVE-2023-22958 Syracom Open Redirect vulnerability in Syracom Secure Login

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.

6.1
2023-01-10 CVE-2022-38481 Mega Cross-site Scripting vulnerability in Mega Hopex 15.2.0.6110

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2.

6.1
2023-01-10 CVE-2022-4710 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function.

6.1
2023-01-10 CVE-2022-46823 Mendix Cross-site Scripting vulnerability in Mendix Saml 2.3.0/3.3.0/3.3.1

A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8).

6.1
2023-01-10 CVE-2023-22911 Mediawiki
Fedoraproject
Cross-site Scripting vulnerability in multiple products

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.

6.1
2023-01-10 CVE-2021-46871 Phoenixframework Cross-site Scripting vulnerability in Phoenixframework Phoenix Html

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.

6.1
2023-01-10 CVE-2023-0018 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload.

6.1
2023-01-10 CVE-2023-0013 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2023-01-09 CVE-2022-46603 Inkdrop Cross-site Scripting vulnerability in Inkdrop 5.4.1

An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.

6.1
2023-01-09 CVE-2022-4301 Sunshinephotocart Unspecified vulnerability in Sunshinephotocart Sunshine Photo Cart

The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

6.1
2023-01-09 CVE-2022-4310 WP Slimstat Unspecified vulnerability in Wp-Slimstat Slimstat Analytics

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs

6.1
2023-01-09 CVE-2022-4325 Ifeelweb Unspecified vulnerability in Ifeelweb Post Status Notifier Lite

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.

6.1
2023-01-09 CVE-2022-4368 Cpkwebsolutions Unspecified vulnerability in Cpkwebsolutions WP CSV 1.8.0.0

The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.

6.1
2023-01-09 CVE-2022-4374 BG Bible References Project Unspecified vulnerability in BG Bible References Project BG Bible References 3.18.4

The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

6.1
2023-01-09 CVE-2021-36603 Tasmota Project Cross-site Scripting vulnerability in Tasmota Project Tasmota 6.5.0

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".

6.1
2023-01-09 CVE-2023-0125 Control ID Panel Project Cross-site Scripting vulnerability in Control ID Panel Project Control ID Panel

A vulnerability was found in Control iD Gerencia Web 1.30.

6.1
2023-01-09 CVE-2015-10032 Healthmateweb Project Cross-site Scripting vulnerability in Healthmateweb Project Healthmateweb

A vulnerability was found in HealthMateWeb.

6.1
2023-01-09 CVE-2021-4310 01 Scripts Cross-site Scripting vulnerability in 01-Scripts 01-Artikelsystem

A vulnerability was found in 01-Scripts 01-Artikelsystem.

6.1
2023-01-09 CVE-2010-10004 Simplesamlphp Cross-site Scripting vulnerability in Simplesamlphp Information Cards Module 1.0/1.0.1/1.0.2

A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic.

6.1
2023-01-09 CVE-2022-23509 Weave Cleartext Transmission of Sensitive Information vulnerability in Weave Gitops

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise.

6.0
2023-01-13 CVE-2023-22402 Juniper Use After Free vulnerability in Juniper Junos OS Evolved

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

5.9
2023-01-12 CVE-2023-22597 Inhandnetworks Cleartext Transmission of Sensitive Information vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information.

5.9
2023-01-11 CVE-2022-46176 Rust Lang Improper Verification of Cryptographic Signature vulnerability in Rust-Lang Cargo

Cargo is a Rust package manager.

5.9
2023-01-11 CVE-2023-22492 Zitadel Insufficient Session Expiration vulnerability in Zitadel

ZITADEL is a combination of Auth0 and Keycloak.

5.9
2023-01-11 CVE-2022-4885 Jefferson Project Path Traversal vulnerability in Jefferson Project Jefferson 0.3

A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical.

5.9
2023-01-10 CVE-2023-22899 Zip4J Project Origin Validation Error vulnerability in Zip4J Project Zip4J

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

5.9
2023-01-11 CVE-2023-20523 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.

5.7
2023-01-10 CVE-2023-0023 SAP Information Exposure vulnerability in SAP Bank Account Management 800/900

In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL.

5.7
2023-01-13 CVE-2023-21598 Adobe Use After Free vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-01-13 CVE-2023-21599 Adobe Out-of-bounds Read vulnerability in Adobe Incopy 17.0/18.0

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-01-13 CVE-2023-21591 Adobe Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-01-13 CVE-2023-21592 Adobe Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0

Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-01-13 CVE-2022-42282 Nvidia Unspecified vulnerability in Nvidia BMC

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.

5.5
2023-01-13 CVE-2022-42284 Nvidia Cleartext Storage of Sensitive Information vulnerability in Nvidia BMC

NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host.

5.5
2023-01-13 CVE-2023-22398 Juniper Access of Uninitialized Pointer vulnerability in Juniper Junos 15.1/19.1/19.2

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).

5.5
2023-01-13 CVE-2023-22409 Juniper Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos

An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS).

5.5
2023-01-12 CVE-2022-4842 Linux NULL Pointer Dereference vulnerability in Linux Kernel 6.2

A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found.

5.5
2023-01-12 CVE-2023-23456 UPX Project
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file.

5.5
2023-01-12 CVE-2023-23457 UPX Project
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp.

5.5
2023-01-12 CVE-2022-39186 Exfo Incorrect Permission Assignment for Critical Resource vulnerability in Exfo Bv-10 Firmware

EXFO - BV-10 Performance Endpoint Unit misconfiguration.

5.5
2023-01-12 CVE-2023-23454 Linux
Debian
Type Confusion vulnerability in multiple products

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

5.5
2023-01-12 CVE-2023-23455 Linux
Debian
Type Confusion vulnerability in multiple products

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

5.5
2023-01-12 CVE-2022-47927 Mediawiki
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.

5.5
2023-01-12 CVE-2022-24913 Java Merge Sort Project Exposure of Resource to Wrong Sphere vulnerability in Java-Merge-Sort Project Java-Merge-Sort

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.

5.5
2023-01-11 CVE-2022-4457 Cloudflare Unspecified vulnerability in Cloudflare Warp

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack.

5.5
2023-01-11 CVE-2022-4415 Systemd Project Unspecified vulnerability in Systemd Project Systemd

A vulnerability was found in systemd.

5.5
2023-01-11 CVE-2022-4543 Linux Information Exposure Through Discrepancy vulnerability in Linux Kernel

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI).

5.5
2023-01-11 CVE-2021-26343 AMD Exposure of Resource to Wrong Sphere vulnerability in AMD products

Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.

5.5
2023-01-11 CVE-2021-26346 AMD Integer Overflow or Wraparound vulnerability in AMD products

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

5.5
2023-01-11 CVE-2021-26355 AMD Unspecified vulnerability in AMD products

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.

5.5
2023-01-11 CVE-2021-26404 AMD Improper Input Validation vulnerability in AMD products

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

5.5
2023-01-11 CVE-2021-26407 AMD Use of Insufficiently Random Values vulnerability in AMD Romepi Firmware

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.

5.5
2023-01-11 CVE-2021-46768 AMD Out-of-bounds Read vulnerability in AMD Milanpi Firmware and Romepi Firmware

Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.

5.5
2023-01-11 CVE-2021-46791 AMD Out-of-bounds Write vulnerability in AMD Milanpi Firmware

Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.

5.5
2023-01-10 CVE-2023-21540 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Information Disclosure Vulnerability

5.5
2023-01-10 CVE-2023-21550 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Information Disclosure Vulnerability

5.5
2023-01-10 CVE-2023-21559 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Information Disclosure Vulnerability

5.5
2023-01-10 CVE-2023-21753 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019

Event Tracing for Windows Information Disclosure Vulnerability

5.5
2023-01-10 CVE-2023-21776 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2023-01-10 CVE-2022-36442 Zebra Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19

An issue was discovered in Zebra Enterprise Home Screen 4.1.19.

5.5
2023-01-09 CVE-2022-22470 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Governance 10.0

IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user.

5.5
2023-01-09 CVE-2022-25722 Qualcomm Use After Free vulnerability in Qualcomm products

Information exposure in DSP services due to improper handling of freeing memory

5.5
2023-01-09 CVE-2022-25725 Qualcomm Release of Invalid Pointer or Reference vulnerability in Qualcomm products

Denial of service in MODEM due to improper pointer handling

5.5
2023-01-09 CVE-2022-33252 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.

5.5
2023-01-09 CVE-2022-33253 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.

5.5
2023-01-09 CVE-2022-40518 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer overread in Core

5.5
2023-01-09 CVE-2022-40519 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer overread in Core

5.5
2023-01-15 CVE-2023-0306 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4
2023-01-15 CVE-2023-0308 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4
2023-01-15 CVE-2023-0309 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4
2023-01-15 CVE-2023-0310 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4
2023-01-15 CVE-2023-0313 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4
2023-01-15 CVE-2014-125078 Horizon Project Cross-site Scripting vulnerability in Horizon Project Horizon

A vulnerability was found in yanheven console and classified as problematic.

5.4
2023-01-14 CVE-2023-0300 Opencollective Cross-site Scripting vulnerability in Opencollective Alf.Io

Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.

5.4
2023-01-14 CVE-2023-0301 Opencollective Cross-site Scripting vulnerability in Opencollective Alf.Io

Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.

5.4
2023-01-13 CVE-2022-48091 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 20220411

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

5.4
2023-01-13 CVE-2023-22491 Gatsbyjs Cross-site Scripting vulnerability in Gatsbyjs Gatsby

Gatsby is a free and open source framework based on React that helps developers build websites and apps.

5.4
2023-01-13 CVE-2023-0289 Webcalendar Project Cross-site Scripting vulnerability in Webcalendar Project Webcalendar

Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.

5.4
2023-01-13 CVE-2023-0287 Favorites WEB Project Cross-site Scripting vulnerability in Favorites-Web Project Favorites-Web

A vulnerability was found in ityouknow favorites-web.

5.4
2023-01-13 CVE-2022-42704 Servicenow Cross-site Scripting vulnerability in Servicenow Quebec/Rome/Sandiego

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.

5.4
2023-01-13 CVE-2022-46438 Douco Cross-site Scripting vulnerability in Douco Douphp 1.720221118

A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.

5.4
2023-01-12 CVE-2022-47102 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Student Study Center Management System 1.0

A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

5.4
2023-01-12 CVE-2023-22488 Flarum Missing Authorization vulnerability in Flarum

Flarum is a forum software for building communities.

5.4
2023-01-12 CVE-2022-46369 Maxum Cross-site Scripting vulnerability in Maxum Rumpus

Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.

5.4
2023-01-12 CVE-2022-46503 Online Student Enrollment System Project Cross-site Scripting vulnerability in Online Student Enrollment System Project Online Student Enrollment System 1.0

A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.

5.4
2023-01-12 CVE-2023-0246 Espcms Cross-site Scripting vulnerability in Espcms P8.21120101

A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101.

5.4
2023-01-12 CVE-2022-3573 Gitlab
ABB
Cross-site Scripting vulnerability in multiple products

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

5.4
2023-01-10 CVE-2022-38489 Easyvista Cross-site Scripting vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS).

5.4
2023-01-10 CVE-2023-0015 SAP Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response.

5.4
2023-01-09 CVE-2022-4391 Vision Interactive Project Unspecified vulnerability in Vision Interactive Project Vision Interactive

The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

5.4
2023-01-09 CVE-2022-4392 Ipanorama 360 Wordpress Virtual Tour Builder Project Unspecified vulnerability in Ipanorama 360 Wordpress Virtual Tour Builder Project Ipanorama 360 Wordpress Virtual Tour Builder

The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

5.4
2023-01-09 CVE-2022-4393 Avirtum Cross-site Scripting vulnerability in Avirtum Imagelinks 1.4.0/1.4.1

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

5.4
2023-01-09 CVE-2022-4394 Ipages Flipbook Project Unspecified vulnerability in Ipages Flipbook Project Ipages Flipbook

The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

5.4
2023-01-09 CVE-2022-4468 Bootstrapped Unspecified vulnerability in Bootstrapped WP Recipe Maker

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.

5.4
2023-01-09 CVE-2022-4479 Dublue Unspecified vulnerability in Dublue Table of Contents Plus

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-01-09 CVE-2022-4491 WP Table Reloaded Project Unspecified vulnerability in Wp-Table Reloaded Project Wp-Table Reloaded

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.

5.4
2023-01-09 CVE-2022-4497 Automattic Unspecified vulnerability in Automattic Jetpack CRM

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins

5.4
2023-01-09 CVE-2022-46769 Apache Cross-site Scripting vulnerability in Apache Sling CMS

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

5.4
2023-01-13 CVE-2022-42288 Nvidia Information Exposure Through Discrepancy vulnerability in Nvidia DGX A100 Firmware

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

5.3
2023-01-13 CVE-2022-48257 Eternal Terminal Project Incorrect Permission Assignment for Critical Resource vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.

5.3
2023-01-13 CVE-2022-48258 Eternal Terminal Project Unspecified vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.

5.3
2023-01-12 CVE-2022-46371 Alotceriot Information Exposure Through an Error Message vulnerability in Alotceriot Ar7088H-A Firmware

Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure.

5.3
2023-01-12 CVE-2022-3341 Ffmpeg NULL Pointer Dereference vulnerability in Ffmpeg

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file.

5.3
2023-01-12 CVE-2022-3514 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

5.3
2023-01-12 CVE-2022-3870 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

5.3
2023-01-12 CVE-2022-4131 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

5.3
2023-01-11 CVE-2022-23813 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD Milanpi-Sp3 Firmware and Romepi Firmware

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.

5.3
2023-01-11 CVE-2022-23814 AMD Improper Input Validation vulnerability in AMD Milanpi-Sp3 Firmware

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.

5.3
2023-01-11 CVE-2023-20532 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.

5.3
2023-01-11 CVE-2023-22963 Personnummer Improper Input Validation vulnerability in Personnummer

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.

5.3
2023-01-10 CVE-2023-21525 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Denial of Service Vulnerability

5.3
2023-01-10 CVE-2023-21682 Microsoft Unspecified vulnerability in Microsoft products

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

5.3
2023-01-10 CVE-2023-21743 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3
2023-01-10 CVE-2022-30332 Talend Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account.

5.3
2023-01-10 CVE-2023-22909 Mediawiki
Fedoraproject
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1.
5.3
2023-01-12 CVE-2023-0254 Simple Membership Plugin Unspecified vulnerability in Simple-Membership-Plugin Simple Membership WP User Import

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter.

4.9
2023-01-09 CVE-2022-4884 Checkmk Path Traversal vulnerability in Checkmk 2.0.0/2.1.0

Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.

4.9
2023-01-13 CVE-2023-0295 Obox Unspecified vulnerability in Obox Launchpad - Coming Soon & Maintenance Mode Plugin 1.0.13

The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping.

4.8
2023-01-10 CVE-2023-0162 Machothemes Unspecified vulnerability in Machothemes CPO Companion

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping.

4.8
2023-01-09 CVE-2022-3855 404 TO Start Project Unspecified vulnerability in 404 to Start Project 404 to Start 1.6.1

The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-09 CVE-2022-4196 Mondula Unspecified vulnerability in Mondula Multi Step Form

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-01-12 CVE-2022-3145 Okta Open Redirect vulnerability in Okta Oidc Middleware

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

4.7
2023-01-11 CVE-2021-46795 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

4.7
2023-01-10 CVE-2023-21536 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Event Tracing for Windows Information Disclosure Vulnerability

4.7
2023-01-10 CVE-2023-21766 Microsoft Race Condition vulnerability in Microsoft products

Windows Overlay Filter Information Disclosure Vulnerability

4.7
2023-01-09 CVE-2022-4882 Kaltura Cross-site Scripting vulnerability in Kaltura Mwembed

A vulnerability was found in kaltura mwEmbed up to 2.91.

4.7
2023-01-11 CVE-2022-0553 Zephyrproject Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr

There is no check to see if slot 0 is being uploaded from the device to the host.

4.6
2023-01-09 CVE-2022-22079 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Denial of service while processing fastboot flash command on mmc due to buffer over read

4.6
2023-01-13 CVE-2023-0221 Mcafee Improper Privilege Management vulnerability in Mcafee Application and Change Control

Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

4.4
2023-01-11 CVE-2021-26328 AMD Unspecified vulnerability in AMD products

Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.

4.4
2023-01-11 CVE-2021-26396 AMD Insufficient Verification of Data Authenticity vulnerability in AMD products

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.

4.4
2023-01-10 CVE-2022-4429 Avira Unquoted Search Path or Element vulnerability in Avira Security 1.1.71.30554

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78

4.4
2023-01-14 CVE-2023-22471 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.

4.3
2023-01-13 CVE-2023-0293 Frenify Unspecified vulnerability in Frenify Mediamatic 2.7/2.8.1

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1.

4.3
2023-01-13 CVE-2023-0294 Frenify Unspecified vulnerability in Frenify Mediamatic 2.7/2.8.1

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1.

4.3
2023-01-12 CVE-2022-4365 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

4.3
2023-01-12 CVE-2022-4344 Wireshark Resource Exhaustion vulnerability in Wireshark

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

4.3
2023-01-11 CVE-2023-22487 Flarum Unspecified vulnerability in Flarum

Flarum is a forum software for building communities.

4.3
2023-01-11 CVE-2023-22945 Mediawiki
Fedoraproject
Incorrect Authorization vulnerability in multiple products

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.

4.3
2023-01-10 CVE-2022-38482 Mega Link Following vulnerability in Mega Hopex 15.2.0.6110

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

4.3
2023-01-10 CVE-2022-45164 Archibus Unspecified vulnerability in Archibus web Central 2022.03.01.107

An issue was discovered in Archibus Web Central 2022.03.01.107.

4.3
2023-01-10 CVE-2022-45166 Archibus Unspecified vulnerability in Archibus web Central 2022.03.01.107

An issue was discovered in Archibus Web Central 2022.03.01.107.

4.3
2023-01-10 CVE-2022-45167 Archibus Unspecified vulnerability in Archibus web Central 2022.03.01.107

An issue was discovered in Archibus Web Central 2022.03.01.107.

4.3
2023-01-10 CVE-2023-0141 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3
2023-01-10 CVE-2022-4705 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59.

4.3
2023-01-10 CVE-2022-4711 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59.

4.3
2023-01-09 CVE-2022-3923 Activecampaign Missing Authorization vulnerability in Activecampaign for Woocommerce 1.9.6

The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.

4.3
2023-01-09 CVE-2022-4103 Royal Elementor Addons Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template.

4.3
2023-01-09 CVE-2022-4426 Wpswings Unspecified vulnerability in Wpswings Mautic Integration for Woocommerce

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-01-13 CVE-2023-0091 Redhat Incorrect Authorization vulnerability in Redhat Keycloak

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow.

3.8
2023-01-12 CVE-2022-4342 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.

3.8
2023-01-13 CVE-2023-22489 Flarum Missing Authorization vulnerability in Flarum

Flarum is a discussion platform for websites.

3.5
2023-01-10 CVE-2023-22469 Nextcloud Insecure Storage of Sensitive Information vulnerability in Nextcloud Deck

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.

3.5
2023-01-09 CVE-2022-3343 2Code Unspecified vulnerability in 2Code Wpqa Builder 5.2/5.7/5.9

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.

3.5
2023-01-10 CVE-2023-21759 Microsoft Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

3.3
2023-01-09 CVE-2022-4102 Royal Elementor Addons Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template.

3.1
2023-01-11 CVE-2023-20528 AMD Improper Input Validation vulnerability in AMD products

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.

2.4
2023-01-09 CVE-2023-22473 Nextcloud Improper Access Control vulnerability in Nextcloud Talk

Talk-Android enables users to have video & audio calls through Nextcloud on Android.

2.1