Weekly Vulnerabilities Reports > January 9 to 15, 2023
Overview
694 new vulnerabilities reported during this period, including 168 critical vulnerabilities and 291 high severity vulnerabilities. This weekly summary report vulnerabilities in 1046 products from 232 vendors including Microsoft, Insteon, Qualcomm, AMD, and Juniper. Vulnerabilities are notably categorized as "SQL Injection", "Stack-based Buffer Overflow", "Out-of-bounds Write", "Cross-site Scripting", and "Improper Input Validation".
- 486 reported vulnerabilities are remotely exploitables.
- 183 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 339 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 98 reported vulnerabilities.
- Insteon has the most reported critical vulnerabilities, with 80 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
168 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-11 | CVE-2017-16256 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16257 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16258 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16259 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16260 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16262 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16263 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16264 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16265 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16266 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16267 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16268 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16269 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16270 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16271 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16272 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16273 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16274 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16275 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16276 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16277 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16278 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16279 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16280 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16281 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16282 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16283 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16284 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16285 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16286 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16287 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16288 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16289 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16290 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16291 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16292 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16293 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16294 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16295 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16296 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16297 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16298 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16299 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16300 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16301 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16302 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16303 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16304 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16305 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16306 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16307 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16308 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16309 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16310 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16311 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16312 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16313 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16314 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16315 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16316 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16317 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16318 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16319 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16320 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16321 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16322 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16323 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16324 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16325 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16326 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16327 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16328 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16329 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16330 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16331 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16332 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16333 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16334 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16335 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-11 | CVE-2017-16336 | Insteon | Stack-based Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 9.9 |
2023-01-15 | CVE-2023-0307 | Phpmyfaq | Weak Password Requirements vulnerability in PHPmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 9.8 |
2023-01-15 | CVE-2023-0311 | Phpmyfaq | Improper Authentication vulnerability in PHPmyfaq Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 9.8 |
2023-01-15 | CVE-2018-25075 | Obridge Project | SQL Injection vulnerability in Obridge Project Obridge A vulnerability classified as critical has been found in karsany OBridge up to 1.3. | 9.8 |
2023-01-15 | CVE-2016-15018 | Krail JPA Project | SQL Injection vulnerability in Krail-Jpa Project Krail-Jpa A vulnerability was found in krail-jpa up to 0.9.1. | 9.8 |
2023-01-15 | CVE-2015-10050 | Mirna Database BY PHP Mysql Project | SQL Injection vulnerability in Mirna Database BY PHP Mysql Project Mirna Database BY PHP Mysql A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. | 9.8 |
2023-01-15 | CVE-2015-10051 | Discussion Board Project | SQL Injection vulnerability in Discussion-Board Project Discussion-Board A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. | 9.8 |
2023-01-15 | CVE-2015-10044 | Sqldump Project | SQL Injection vulnerability in Sqldump Project Sqldump A vulnerability classified as critical was found in gophergala sqldump. | 9.8 |
2023-01-15 | CVE-2015-10045 | Project Todolist Project | SQL Injection vulnerability in Project Todolist Project Todolist A vulnerability, which was classified as critical, was found in tutrantta project_todolist. | 9.8 |
2023-01-15 | CVE-2015-10046 | Lolfeedback Project | SQL Injection vulnerability in Lolfeedback Project Lolfeedback A vulnerability has been found in lolfeedback and classified as critical. | 9.8 |
2023-01-15 | CVE-2015-10047 | School Register Project | SQL Injection vulnerability in School-Register Project School-Register A vulnerability was found in KYUUBl school-register. | 9.8 |
2023-01-15 | CVE-2015-10048 | Desafio Buzz Woody Project | SQL Injection vulnerability in Desafio Buzz Woody Project Desafio Buzz Woody A vulnerability was found in bmattoso desafio_buzz_woody. | 9.8 |
2023-01-15 | CVE-2014-125077 | Searx Stats Project | SQL Injection vulnerability in Searx Stats Project Searx Stats A vulnerability, which was classified as critical, has been found in pointhi searx_stats. | 9.8 |
2023-01-15 | CVE-2014-125079 | Pontifex Http Project | SQL Injection vulnerability in Pontifex.Http Project Pontifex.Http A vulnerability was found in agy pontifex.http. | 9.8 |
2023-01-15 | CVE-2022-4889 | Stracker Project | SQL Injection vulnerability in Stracker Project Stracker A vulnerability classified as critical was found in visegripped Stracker. | 9.8 |
2023-01-14 | CVE-2015-10020 | Cis450Project Project | SQL Injection vulnerability in Cis450Project Project Cis450Project A vulnerability has been found in ssn2013 cis450Project and classified as critical. | 9.8 |
2023-01-14 | CVE-2023-0299 | Publify Project | Improper Input Validation vulnerability in Publify Project Publify Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | 9.8 |
2023-01-14 | CVE-2022-1812 | Publify Project | Integer Overflow or Wraparound vulnerability in Publify Project Publify Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | 9.8 |
2023-01-14 | CVE-2023-0297 | Pyload | Code Injection vulnerability in Pyload Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 9.8 |
2023-01-14 | CVE-2023-22480 | Fit2Cloud | Incorrect Authorization vulnerability in Fit2Cloud Kubeoperator KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. | 9.8 |
2023-01-14 | CVE-2023-22495 | Maif | Use of Hard-coded Credentials vulnerability in Maif Izanami Izanami is a shared configuration service well-suited for micro-service architecture implementation. | 9.8 |
2023-01-14 | CVE-2023-22496 | Netdata | Command Injection vulnerability in Netdata Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. | 9.8 |
2023-01-13 | CVE-2015-10042 | Aibattle Project | SQL Injection vulnerability in Aibattle Project Aibattle ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. | 9.8 |
2023-01-13 | CVE-2017-20169 | TON Masterserver Project | SQL Injection vulnerability in Ton-Masterserver Project Ton-Masterserver A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. | 9.8 |
2023-01-13 | CVE-2022-45299 | Webbrowser Project | Path Traversal vulnerability in Webbrowser Project Webbrowser An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | 9.8 |
2023-01-13 | CVE-2015-10041 | Aibattle Project | SQL Injection vulnerability in Aibattle Project Aibattle 20150810 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. | 9.8 |
2023-01-13 | CVE-2022-46954 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. | 9.8 |
2023-01-13 | CVE-2022-46955 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | 9.8 |
2023-01-13 | CVE-2023-0281 | Online Flight Booking Management System Project | SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System A vulnerability was found in SourceCodester Online Flight Booking Management System. | 9.8 |
2023-01-13 | CVE-2023-0283 | Online Flight Booking Management System Project | SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. | 9.8 |
2023-01-13 | CVE-2022-21191 | Global Modules Path Project | Unspecified vulnerability in Global-Modules-Path Project Global-Modules-Path Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | 9.8 |
2023-01-13 | CVE-2023-23566 | Axigen | Unspecified vulnerability in Axigen Mail Server 10.3.3.52 A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. | 9.8 |
2023-01-13 | CVE-2022-46502 | Online Student Enrollment System Project | SQL Injection vulnerability in Online Student Enrollment System Project Online Student Enrollment System 1.0 Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | 9.8 |
2023-01-13 | CVE-2022-46471 | Online Health Care System Project | SQL Injection vulnerability in Online Health Care System Project Online Health Care System 1.0 Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | 9.8 |
2023-01-13 | CVE-2022-46478 | Datax WEB Project | Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | 9.8 |
2023-01-12 | CVE-2023-0256 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. | 9.8 |
2023-01-12 | CVE-2023-0257 | Online Food Ordering System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. | 9.8 |
2023-01-12 | CVE-2013-10011 | Classroom Engagement System Project | SQL Injection vulnerability in Classroom-Engagement-System Project Classroom-Engagement-System A vulnerability was found in aeharding classroom-engagement-system and classified as critical. | 9.8 |
2023-01-12 | CVE-2022-39184 | Exfo | Unspecified vulnerability in Exfo Bv-10 Firmware EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | 9.8 |
2023-01-12 | CVE-2022-39185 | Exfo | Use of Hard-coded Credentials vulnerability in Exfo Bv-10 Firmware EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. | 9.8 |
2023-01-12 | CVE-2022-3515 | Gnupg Gpg4Win | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. | 9.8 |
2023-01-12 | CVE-2023-0243 | Tuzicms Project | SQL Injection vulnerability in Tuzicms Project Tuzicms 2.0.6 A vulnerability classified as critical has been found in TuziCMS 2.0.6. | 9.8 |
2023-01-12 | CVE-2023-0244 | Tuzicms Project | SQL Injection vulnerability in Tuzicms Project Tuzicms 2.0.6 A vulnerability classified as critical was found in TuziCMS 2.0.6. | 9.8 |
2023-01-12 | CVE-2023-0245 | Online Flight Booking Management System Project | SQL Injection vulnerability in Online Flight Booking Management System Project Online Flight Booking Management System A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. | 9.8 |
2023-01-11 | CVE-2022-4498 | TP Link | Out-of-bounds Write vulnerability in Tp-Link Archer C5 Firmware and Tl-Wr710N Firmware In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. | 9.8 |
2023-01-11 | CVE-2022-4873 | Netcommwireless | Out-of-bounds Write vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. | 9.8 |
2023-01-11 | CVE-2014-125075 | Gmail Servlet Project | SQL Injection vulnerability in Gmail-Servlet Project Gmail-Servlet A vulnerability was found in gmail-servlet and classified as critical. | 9.8 |
2023-01-11 | CVE-2014-125076 | Criminals Project | SQL Injection vulnerability in Criminals Project Criminals A vulnerability was found in NoxxieNl Criminals. | 9.8 |
2023-01-11 | CVE-2022-40615 | IBM | SQL Injection vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. | 9.8 |
2023-01-11 | CVE-2014-125074 | Voyager Project | SQL Injection vulnerability in Voyager Project Voyager A vulnerability was found in Nayshlok Voyager. | 9.8 |
2023-01-11 | CVE-2017-20168 | Piwallet Project | SQL Injection vulnerability in Piwallet Project Piwallet A vulnerability was found in jfm-so piWallet. | 9.8 |
2023-01-11 | CVE-2022-47859 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | 9.8 |
2023-01-11 | CVE-2022-47860 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | 9.8 |
2023-01-11 | CVE-2022-47861 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | 9.8 |
2023-01-11 | CVE-2022-47862 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | 9.8 |
2023-01-11 | CVE-2022-47864 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | 9.8 |
2023-01-11 | CVE-2022-47865 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | 9.8 |
2023-01-11 | CVE-2022-47866 | Lead Management System Project | SQL Injection vulnerability in Lead Management System Project Lead Management System 1.0 Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | 9.8 |
2023-01-11 | CVE-2022-34441 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. | 9.8 |
2023-01-11 | CVE-2022-34440 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Secure Connect Gateway Policy Manager 5.10.00.00/5.12.00.00 Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. | 9.8 |
2023-01-11 | CVE-2015-10036 | Dronfelipe Project | SQL Injection vulnerability in Dronfelipe Project Dronfelipe A vulnerability was found in kylebebak dronfelipe. | 9.8 |
2023-01-11 | CVE-2015-10037 | ACI Escola Project | SQL Injection vulnerability in ACI Escola Project ACI Escola A vulnerability, which was classified as critical, was found in ACI_Escola. | 9.8 |
2023-01-11 | CVE-2022-48253 | Nazgul | Path Traversal vulnerability in Nazgul Nostromo nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. | 9.8 |
2023-01-11 | CVE-2022-43389 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 9.8 |
2023-01-11 | CVE-2022-48252 | PI Alert Project | OS Command Injection vulnerability in Pi.Alert Project Pi.Alert 1.0 The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. | 9.8 |
2023-01-10 | CVE-2022-4337 | Openvswitch Debian | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |
2023-01-10 | CVE-2022-4338 | Openvswitch Debian | Out-of-bounds Read vulnerability in multiple products An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |
2023-01-10 | CVE-2014-125073 | Voteapp Project | SQL Injection vulnerability in Voteapp Project Voteapp A vulnerability was found in mapoor voteapp. | 9.8 |
2023-01-10 | CVE-2016-15017 | Ecodev | Path Traversal vulnerability in Ecodev Media Upload A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. | 9.8 |
2023-01-10 | CVE-2022-3792 | Gullseye | SQL Injection vulnerability in Gullseye Terminal Operating System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection.This issue affects GullsEye terminal operating system: from unspecified before 5.0.13. | 9.8 |
2023-01-10 | CVE-2022-4422 | Bulutses | SQL Injection vulnerability in Bulutses Bulutdesk Callcenter Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. | 9.8 |
2023-01-10 | CVE-2022-43514 | Siemens | Path Traversal vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). | 9.8 |
2023-01-10 | CVE-2017-20166 | Ecto Project | Unspecified vulnerability in Ecto Project Ecto 2.2.0 Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. | 9.8 |
2023-01-10 | CVE-2023-22903 | Librephotos Project | Unspecified vulnerability in Librephotos Project Librephotos api/views/user.py in LibrePhotos before e19e539 has incorrect access control. | 9.8 |
2023-01-10 | CVE-2023-0014 | SAP | Authentication Bypass by Capture-replay vulnerability in SAP products SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. | 9.8 |
2023-01-10 | CVE-2023-0017 | SAP | Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50 An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. | 9.8 |
2023-01-09 | CVE-2014-125071 | Gribbit Project | Origin Validation Error vulnerability in Gribbit Project Gribbit A vulnerability was found in lukehutch Gribbit. | 9.8 |
2023-01-09 | CVE-2015-10034 | Workout Organizer Project | SQL Injection vulnerability in Workout-Organizer Project Workout-Organizer A vulnerability has been found in j-nowak workout-organizer and classified as critical. | 9.8 |
2023-01-09 | CVE-2015-10035 | Angular Test Reporter Project | SQL Injection vulnerability in Angular-Test-Reporter Project Angular-Test-Reporter A vulnerability was found in gperson angular-test-reporter and classified as critical. | 9.8 |
2023-01-09 | CVE-2022-47790 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. | 9.8 |
2023-01-09 | CVE-2021-4311 | Talend | XXE vulnerability in Talend Open Studio A vulnerability classified as problematic was found in Talend Open Studio for MDM. | 9.8 |
2023-01-09 | CVE-2022-43974 | Matrixssl | Integer Overflow or Wraparound vulnerability in Matrixssl MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. | 9.8 |
2023-01-09 | CVE-2022-33265 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device. | 9.8 |
2023-01-09 | CVE-2022-25890 | Wifey Project | Unspecified vulnerability in Wifey Project Wifey All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | 9.8 |
2023-01-11 | CVE-2022-42967 | Caret | Cross-site Scripting vulnerability in Caret Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. | 9.6 |
2023-01-14 | CVE-2023-22497 | Netdata | Exposure of Resource to Wrong Sphere vulnerability in Netdata Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. | 9.1 |
2023-01-13 | CVE-2022-3782 | Redhat | Path Traversal vulnerability in Redhat Keycloak 20.0.2 keycloak: path traversal via double URL encoding. | 9.1 |
2023-01-13 | CVE-2022-4616 | Deltaww | Command Injection vulnerability in Deltaww Dx-3021L9 Firmware The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. | 9.1 |
2023-01-12 | CVE-2023-22599 | Inhandnetworks | Use of a One-Way Hash with a Predictable Salt vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. | 9.1 |
291 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-14 | CVE-2015-10043 | Apollo Project | Path Traversal vulnerability in Apollo Project Apollo A vulnerability, which was classified as critical, was found in abreen Apollo. | 8.8 |
2023-01-14 | CVE-2023-22850 | Tiki | Deserialization of Untrusted Data vulnerability in Tiki Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | 8.8 |
2023-01-14 | CVE-2022-41955 | Autolabproject | Command Injection vulnerability in Autolabproject Autolab Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. | 8.8 |
2023-01-14 | CVE-2023-22853 | Tiki | Code Injection vulnerability in Tiki Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. | 8.8 |
2023-01-13 | CVE-2022-42136 | Mailenable | Path Traversal vulnerability in Mailenable Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. | 8.8 |
2023-01-13 | CVE-2022-42289 | Nvidia | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
2023-01-13 | CVE-2022-42290 | Nvidia | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
2023-01-13 | CVE-2022-42279 | Nvidia | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
2023-01-13 | CVE-2022-41778 | Deltaww | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. | 8.8 |
2023-01-12 | CVE-2022-42272 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | 8.8 |
2023-01-12 | CVE-2022-42273 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 8.8 |
2023-01-12 | CVE-2022-40983 | QT | Integer Overflow or Wraparound vulnerability in QT 6.3.2 An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. | 8.8 |
2023-01-12 | CVE-2022-43591 | QT | Heap-based Buffer Overflow vulnerability in QT 6.3.2 A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. | 8.8 |
2023-01-12 | CVE-2022-39182 | Mingham Smith | Unspecified vulnerability in Mingham-Smith Tardis 2000 1.6 H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | 8.8 |
2023-01-12 | CVE-2022-46367 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | 8.8 |
2023-01-12 | CVE-2022-46368 | Maxum | Cross-Site Request Forgery (CSRF) vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | 8.8 |
2023-01-12 | CVE-2022-46372 | Alotceriot | Improper Input Validation vulnerability in Alotceriot Ar7088H-A Firmware Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | 8.8 |
2023-01-11 | CVE-2017-16261 | Insteon | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. | 8.8 |
2023-01-11 | CVE-2023-22952 | Sugarcrm | Improper Input Validation vulnerability in Sugarcrm 11.0.0/12.0.0 In SugarCRM before 12.0. | 8.8 |
2023-01-11 | CVE-2021-3966 | Zephyrproject | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | 8.8 |
2023-01-11 | CVE-2023-22959 | Webchess Project | SQL Injection vulnerability in Webchess Project Webchess 1.0.0 WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). | 8.8 |
2023-01-11 | CVE-2022-43390 | Zyxel | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. | 8.8 |
2023-01-10 | CVE-2023-21549 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows SMB Witness Service Elevation of Privilege Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21674 | Microsoft | Use After Free vulnerability in Microsoft products Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21676 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21681 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21732 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21742 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2023-01-10 | CVE-2023-21744 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2023-01-10 | CVE-2022-38490 | Easyvista | SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 8.8 |
2023-01-10 | CVE-2022-38492 | Easyvista | SQL Injection vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 8.8 |
2023-01-10 | CVE-2022-45165 | Archibus | SQL Injection vulnerability in Archibus web Central 2022.03.01.107 An issue was discovered in Archibus Web Central 2022.03.01.107. | 8.8 |
2023-01-10 | CVE-2023-0128 | Use After Free vulnerability in Google Chrome Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2023-0129 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. | 8.8 | |
2023-01-10 | CVE-2023-0134 | Use After Free vulnerability in Google Chrome Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2023-0135 | Use After Free vulnerability in Google Chrome Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2023-0136 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2023-0137 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2023-0138 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | |
2023-01-10 | CVE-2022-47083 | Spitfire Project | Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475 A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. | 8.8 |
2023-01-10 | CVE-2022-4700 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. | 8.8 |
2023-01-10 | CVE-2022-4701 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. | 8.8 |
2023-01-10 | CVE-2022-46610 | 72Crm | Unrestricted Upload of File with Dangerous Type vulnerability in 72Crm Wukong CRM 9.0 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. | 8.8 |
2023-01-10 | CVE-2022-45092 | Siemens | Path Traversal vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). | 8.8 |
2023-01-10 | CVE-2022-45093 | Siemens | Path Traversal vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). | 8.8 |
2023-01-10 | CVE-2022-45094 | Siemens | Command Injection vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). | 8.8 |
2023-01-10 | CVE-2023-0016 | SAP | SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810 SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. | 8.8 |
2023-01-10 | CVE-2023-0022 | SAP | Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. | 8.8 |
2023-01-09 | CVE-2022-3417 | Bravenewcode | Unspecified vulnerability in Bravenewcode Wptouch The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog. | 8.8 |
2023-01-09 | CVE-2022-3679 | Kadencewp | Unspecified vulnerability in Kadencewp Starter Templates 1.2.17 The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 8.8 |
2023-01-09 | CVE-2014-125072 | Klattr Project | SQL Injection vulnerability in Klattr Project Klattr A vulnerability classified as critical has been found in CherishSin klattr. | 8.8 |
2023-01-09 | CVE-2023-22472 | Nextcloud | Cross-Site Request Forgery (CSRF) vulnerability in Nextcloud Desktop 3.6.1 Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 8.8 |
2023-01-09 | CVE-2022-2196 | Linux Debian | Insecure Default Initialization of Resource vulnerability in multiple products A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. | 8.8 |
2023-01-09 | CVE-2022-22088 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote | 8.8 |
2023-01-09 | CVE-2022-35281 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. | 8.8 |
2023-01-12 | CVE-2023-22601 | Inhandnetworks | Use of Insufficiently Random Values vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. | 8.6 |
2023-01-12 | CVE-2022-4037 | Gitlab | Race Condition vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 8.5 |
2023-01-12 | CVE-2017-14454 | Insteon | Classic Buffer Overflow vulnerability in Insteon HUB Firmware 1012 Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. | 8.5 |
2023-01-13 | CVE-2022-46093 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 is vulnerable to SQL Injection. | 8.2 |
2023-01-13 | CVE-2022-42276 | Nvidia | Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 8.2 |
2023-01-13 | CVE-2022-42277 | Nvidia | Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 8.2 |
2023-01-11 | CVE-2022-43393 | Zyxel | Improper Check for Unusual or Exceptional Conditions vulnerability in Zyxel products An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. | 8.2 |
2023-01-14 | CVE-2022-45353 | Muffingroup | Incorrect Authorization vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | 8.1 |
2023-01-12 | CVE-2023-22600 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. | 8.1 |
2023-01-10 | CVE-2023-21535 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21543 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21546 | Microsoft | Race Condition vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21548 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21555 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21556 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2023-21679 | Microsoft | Race Condition vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 8.1 |
2023-01-10 | CVE-2022-35401 | Asus | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
2023-01-10 | CVE-2022-4703 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. | 8.1 |
2023-01-10 | CVE-2022-4704 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. | 8.1 |
2023-01-11 | CVE-2015-10038 | Pplv2 Project | SQL Injection vulnerability in Pplv2 Project Pplv2 A vulnerability was found in nym3r0s pplv2. | 8.0 |
2023-01-11 | CVE-2015-10039 | Domino Project | SQL Injection vulnerability in Domino Project Domino A vulnerability was found in dobos domino. | 8.0 |
2023-01-11 | CVE-2020-36650 | GRY Project | Command Injection vulnerability in GRY Project GRY A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. | 8.0 |
2023-01-11 | CVE-2022-4428 | Cloudflare | Improper Input Validation vulnerability in Cloudflare Warp support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. | 8.0 |
2023-01-10 | CVE-2023-21745 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2023-01-10 | CVE-2023-21762 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 8.0 |
2023-01-15 | CVE-2023-0302 | Radare | Injection vulnerability in Radare Radare2 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | 7.8 |
2023-01-13 | CVE-2023-21594 | Adobe | Heap-based Buffer Overflow vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21595 | Adobe | Out-of-bounds Write vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21596 | Adobe | Improper Input Validation vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21587 | Adobe | Heap-based Buffer Overflow vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21588 | Adobe | Improper Input Validation vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21589 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-21590 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-01-13 | CVE-2023-0288 | VIM | Heap-based Buffer Overflow vulnerability in VIM Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | 7.8 |
2023-01-13 | CVE-2022-3841 | Redhat | Server-Side Request Forgery (SSRF) vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 RHACM: unauthenticated SSRF in console API endpoint. | 7.8 |
2023-01-13 | CVE-2022-42268 | Nvidia | Code Injection vulnerability in Nvidia products Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. | 7.8 |
2023-01-13 | CVE-2022-42286 | Nvidia | Unspecified vulnerability in Nvidia Sbios DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges. | 7.8 |
2023-01-13 | CVE-2022-42287 | Nvidia | Unrestricted Upload of File with Dangerous Type vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | 7.8 |
2023-01-13 | CVE-2022-42278 | Nvidia | Unspecified vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. | 7.8 |
2023-01-13 | CVE-2022-42280 | Nvidia | Path Traversal vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | 7.8 |
2023-01-13 | CVE-2022-42283 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 7.8 |
2023-01-13 | CVE-2022-42285 | Nvidia | Unspecified vulnerability in Nvidia Sbios DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. | 7.8 |
2023-01-13 | CVE-2022-3159 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. | 7.8 |
2023-01-13 | CVE-2022-3160 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. | 7.8 |
2023-01-13 | CVE-2022-3161 | Siemens | Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. | 7.8 |
2023-01-13 | CVE-2022-42274 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 7.8 |
2023-01-13 | CVE-2023-23559 | Linux Netapp Debian | Integer Overflow or Wraparound vulnerability in multiple products In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | 7.8 |
2023-01-12 | CVE-2022-46623 | Judging Management System Project | SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0 Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 7.8 |
2023-01-12 | CVE-2022-3977 | Linux | Use After Free vulnerability in Linux Kernel 6.1 A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. | 7.8 |
2023-01-12 | CVE-2023-0247 | Bloom Project | Uncontrolled Search Path Element vulnerability in Bloom Project Bloom Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1. | 7.8 |
2023-01-11 | CVE-2022-4696 | Linux | Use After Free vulnerability in Linux Kernel There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. | 7.8 |
2023-01-11 | CVE-2021-26316 | AMD | Improper Input Validation vulnerability in AMD products Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | 7.8 |
2023-01-11 | CVE-2021-26398 | AMD | Out-of-bounds Write vulnerability in AMD products Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | 7.8 |
2023-01-11 | CVE-2021-26409 | AMD | Classic Buffer Overflow vulnerability in AMD Milanpi Firmware Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. | 7.8 |
2023-01-11 | CVE-2022-42271 | Nvidia | Classic Buffer Overflow vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | 7.8 |
2023-01-10 | CVE-2023-21524 | Microsoft | Unspecified vulnerability in Microsoft products Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21537 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21541 | Microsoft | Unspecified vulnerability in Microsoft products Windows Task Scheduler Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21551 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21552 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows GDI Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21558 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21561 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21675 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21678 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21680 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21724 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft DWM Core Library Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21726 | Microsoft | Unspecified vulnerability in Microsoft products Windows Credential Manager User Interface Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21730 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21734 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21735 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21736 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21737 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21738 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21746 | Microsoft | Unspecified vulnerability in Microsoft products Windows NTLM Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21747 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21748 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21749 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21754 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21755 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21763 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21764 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21765 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21767 | Microsoft | Unspecified vulnerability in Microsoft products Windows Overlay Filter Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21768 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 and Windows Server 2022 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21772 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21773 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21774 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21779 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21780 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21781 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21782 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21783 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21784 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21785 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21786 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21787 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21788 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21789 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21790 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21791 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21792 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2023-21793 | Microsoft | Unspecified vulnerability in Microsoft 3D Builder 3D Builder Remote Code Execution Vulnerability | 7.8 |
2023-01-10 | CVE-2022-36443 | Zebra | Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19 An issue was discovered in Zebra Enterprise Home Screen 4.1.19. | 7.8 |
2023-01-10 | CVE-2022-47935 | Siemens | Out-of-bounds Write vulnerability in Siemens JT Open Toolkit, JT Utilities and Solid Edge A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). | 7.8 |
2023-01-10 | CVE-2022-47967 | Siemens | Out-of-bounds Write vulnerability in Siemens Solid Edge A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). | 7.8 |
2023-01-10 | CVE-2022-4294 | Avira Norton Avast AVG | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 7.8 |
2023-01-09 | CVE-2022-36925 | Zoom | Use of Hard-coded Credentials vulnerability in Zoom Rooms Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. | 7.8 |
2023-01-09 | CVE-2022-36926 | Zoom | Unspecified vulnerability in Zoom Rooms Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. | 7.8 |
2023-01-09 | CVE-2022-36927 | Zoom | Unspecified vulnerability in Zoom Rooms Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. | 7.8 |
2023-01-09 | CVE-2022-36929 | Zoom | Unspecified vulnerability in Zoom Rooms The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. | 7.8 |
2023-01-09 | CVE-2022-36930 | Zoom | Unspecified vulnerability in Zoom Rooms Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. | 7.8 |
2023-01-09 | CVE-2022-23508 | Weave | Files or Directories Accessible to External Parties vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 7.8 |
2023-01-09 | CVE-2022-25715 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields | 7.8 |
2023-01-09 | CVE-2022-25717 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in display due to double free while allocating frame buffer memory | 7.8 |
2023-01-09 | CVE-2022-25721 | Qualcomm | Type Confusion vulnerability in Qualcomm products Memory corruption in video driver due to type confusion error during video playback | 7.8 |
2023-01-09 | CVE-2022-25746 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping. | 7.8 |
2023-01-09 | CVE-2022-33218 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Automotive due to improper input validation. | 7.8 |
2023-01-09 | CVE-2022-33219 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer. | 7.8 |
2023-01-09 | CVE-2022-33266 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. | 7.8 |
2023-01-09 | CVE-2022-33274 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication. | 7.8 |
2023-01-09 | CVE-2022-33276 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command. | 7.8 |
2023-01-09 | CVE-2022-33300 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Automotive Android OS due to improper input validation. | 7.8 |
2023-01-09 | CVE-2022-40516 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in Core due to stack-based buffer overflow. | 7.8 |
2023-01-09 | CVE-2022-40517 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in core due to stack-based buffer overflow | 7.8 |
2023-01-09 | CVE-2022-40520 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption due to stack-based buffer overflow in Core | 7.8 |
2023-01-09 | CVE-2022-43662 | Openharmony Openatom | Out-of-bounds Write vulnerability in multiple products Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. | 7.8 |
2023-01-09 | CVE-2022-45126 | Openharmony Openatom | Out-of-bounds Write vulnerability in multiple products Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. | 7.8 |
2023-01-09 | CVE-2023-0035 | Openatom | Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 7.8 |
2023-01-09 | CVE-2023-0036 | Openatom | Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 7.8 |
2023-01-12 | CVE-2017-5242 | Rapid7 | Use of Insufficiently Random Values vulnerability in Rapid7 Insightvm Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. | 7.7 |
2023-01-15 | CVE-2016-15019 | Jekbox Project | Path Traversal vulnerability in Jekbox Project Jekbox A vulnerability was found in tombh jekbox. | 7.5 |
2023-01-15 | CVE-2023-0303 | Online Food Ordering System V2 Project | SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2 A vulnerability was found in SourceCodester Online Food Ordering System. | 7.5 |
2023-01-15 | CVE-2023-0304 | Online Food Ordering System V2 Project | SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2 A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. | 7.5 |
2023-01-15 | CVE-2023-0305 | Online Food Ordering System V2 Project | SQL Injection vulnerability in Online Food Ordering System V2 Project Online Food Ordering System V2 A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. | 7.5 |
2023-01-15 | CVE-2023-23595 | Bluecatnetworks | XXE vulnerability in Bluecatnetworks Device Registration Portal 2.2 BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. | 7.5 |
2023-01-15 | CVE-2023-23590 | Mercedes Benz | Unspecified vulnerability in Mercedes-Benz Xentry Retail Data Storage Firmware 7.8.1 Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. | 7.5 |
2023-01-14 | CVE-2023-22602 | Apache Vmware | Interpretation Conflict vulnerability in multiple products When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. | 7.5 |
2023-01-14 | CVE-2023-22478 | Fit2Cloud | Missing Authorization vulnerability in Fit2Cloud Kubepi KubePi is a modern Kubernetes panel. | 7.5 |
2023-01-13 | CVE-2022-41721 | Golang | HTTP Request Smuggling vulnerability in Golang H2C A request smuggling attack is possible when using MaxBytesHandler. | 7.5 |
2023-01-13 | CVE-2021-36204 | Johnsoncontrols | Insufficiently Protected Credentials vulnerability in Johnsoncontrols products Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. | 7.5 |
2023-01-13 | CVE-2023-22493 | Rsshub | Server-Side Request Forgery (SSRF) vulnerability in Rsshub 20210125 RSSHub is an open source RSS feed generator. | 7.5 |
2023-01-13 | CVE-2022-3693 | Fileorbis | Path Traversal vulnerability in Fileorbis The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. | 7.5 |
2023-01-13 | CVE-2022-48256 | Technitium | Infinite Loop vulnerability in Technitium DNS Server Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. | 7.5 |
2023-01-13 | CVE-2022-46463 | Linuxfoundation | Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 |
2023-01-13 | CVE-2023-22391 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22393 | Juniper | Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper Junos and Junos OS Evolved An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22394 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). | 7.5 |
2023-01-13 | CVE-2023-22396 | Juniper | Resource Exhaustion vulnerability in Juniper Junos An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22399 | Juniper | Classic Buffer Overflow vulnerability in Juniper Junos When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. | 7.5 |
2023-01-13 | CVE-2023-22400 | Juniper | Resource Exhaustion vulnerability in Juniper Junos OS Evolved An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22401 | Juniper | Improper Validation of Array Index vulnerability in Juniper Junos and Junos OS Evolved An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22403 | Juniper | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. | 7.5 |
2023-01-13 | CVE-2023-22408 | Juniper | Improper Validation of Array Index vulnerability in Juniper Junos An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22411 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22412 | Juniper | Improper Locking vulnerability in Juniper Junos An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22413 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22415 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22416 | Juniper | Classic Buffer Overflow vulnerability in Juniper Junos A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). | 7.5 |
2023-01-13 | CVE-2023-22417 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). | 7.5 |
2023-01-12 | CVE-2022-25026 | Rocketsoftware | Server-Side Request Forgery (SSRF) vulnerability in Rocketsoftware Trufusion Enterprise A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. | 7.5 |
2023-01-12 | CVE-2022-25027 | Rocketsoftware | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Rocketsoftware Trufusion Enterprise The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | 7.5 |
2023-01-12 | CVE-2022-4743 | Libsdl Redhat | Memory Leak vulnerability in multiple products A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. | 7.5 |
2023-01-12 | CVE-2022-46370 | Maxum | Insufficient Verification of Data Authenticity vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification. | 7.5 |
2023-01-12 | CVE-2022-3613 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 7.5 |
2023-01-12 | CVE-2022-4167 | Gitlab | Incorrect Authorization vulnerability in Gitlab Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them. | 7.5 |
2023-01-11 | CVE-2022-4874 | Netcommwireless | Improper Authentication vulnerability in Netcommwireless Nf20 Firmware, Nf20Mesh Firmware and Nl1902 Firmware Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. | 7.5 |
2023-01-11 | CVE-2022-4499 | TP Link | Information Exposure Through Discrepancy vulnerability in Tp-Link Archer C5 Firmware and Tl-Wr710N Firmware TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. | 7.5 |
2023-01-11 | CVE-2018-25074 | Skeemas Project | Unspecified vulnerability in Skeemas Project Skeemas A vulnerability was found in Prestaul skeemas and classified as problematic. | 7.5 |
2023-01-11 | CVE-2020-36649 | Papaparse | Unspecified vulnerability in Papaparse 5.1.0/5.1.1 A vulnerability was found in mholt PapaParse up to 5.1.x. | 7.5 |
2023-01-11 | CVE-2023-20522 | AMD | Improper Input Validation vulnerability in AMD Milanpi Firmware and Romepi Firmware Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | 7.5 |
2023-01-11 | CVE-2023-20529 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. | 7.5 |
2023-01-11 | CVE-2023-20530 | AMD | Improper Input Validation vulnerability in AMD products Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | 7.5 |
2023-01-11 | CVE-2023-20531 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. | 7.5 |
2023-01-10 | CVE-2022-46449 | Musicpd | Out-of-bounds Write vulnerability in Musicpd Music Player Daemon 0.23.10 An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 |
2023-01-10 | CVE-2022-4379 | Linux Fedoraproject | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. | 7.5 |
2023-01-10 | CVE-2023-21527 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Service Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21538 | Microsoft Fedoraproject | .NET Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21539 | Microsoft | Unspecified vulnerability in Microsoft products Windows Authentication Remote Code Execution Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21547 | Microsoft | Resource Exhaustion vulnerability in Microsoft products Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21557 | Microsoft | Resource Exhaustion vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21677 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21683 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21728 | Microsoft | Unspecified vulnerability in Microsoft products Windows Netlogon Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21757 | Microsoft | Unspecified vulnerability in Microsoft products Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21758 | Microsoft | Unspecified vulnerability in Microsoft products Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 7.5 |
2023-01-10 | CVE-2023-21761 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 7.5 |
2023-01-10 | CVE-2022-38105 | Asus | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
2023-01-10 | CVE-2022-38393 | Asus | Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
2023-01-10 | CVE-2022-38491 | Easyvista | Improper Restriction of Excessive Authentication Attempts vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. | 7.5 |
2023-01-10 | CVE-2022-46163 | Opensuse | SQL Injection vulnerability in Opensuse Travel Support Program Travel support program is a rails app to support the travel support program of openSUSE (TSP). | 7.5 |
2023-01-10 | CVE-2022-4636 | Blackbox | Path Traversal vulnerability in Blackbox products Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion. | 7.5 |
2023-01-10 | CVE-2022-43513 | Siemens | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). | 7.5 |
2023-01-10 | CVE-2022-48251 | ARM | Information Exposure Through Discrepancy vulnerability in ARM products The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. | 7.5 |
2023-01-10 | CVE-2023-22320 | Openam | Path Traversal vulnerability in Openam 4.1.0 OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). | 7.5 |
2023-01-10 | CVE-2023-22895 | Bzip2 Project | Integer Overflow or Wraparound vulnerability in Bzip2 Project Bzip2 The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. | 7.5 |
2023-01-09 | CVE-2022-43972 | Linksys | NULL Pointer Dereference vulnerability in Linksys Wrt54Gl Firmware A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. | 7.5 |
2023-01-09 | CVE-2023-22477 | Mercurius Project | Unspecified vulnerability in Mercurius Project Mercurius Mercurius is a GraphQL adapter for Fastify. | 7.5 |
2023-01-09 | CVE-2017-20165 | Debug Project | Unspecified vulnerability in Debug Project Debug A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. | 7.5 |
2023-01-09 | CVE-2022-33290 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed. | 7.5 |
2023-01-09 | CVE-2022-33299 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data. | 7.5 |
2023-01-13 | CVE-2022-3143 | Redhat | Information Exposure Through Discrepancy vulnerability in Redhat products wildfly-elytron: possible timing attacks via use of unsafe comparator. | 7.4 |
2023-01-13 | CVE-2023-21597 | Adobe | Out-of-bounds Write vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.3 |
2023-01-11 | CVE-2023-22947 | Shibboleth | Uncontrolled Search Path Element vulnerability in Shibboleth Service Provider Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. | 7.3 |
2023-01-14 | CVE-2023-22851 | Tiki | Unrestricted Upload of File with Dangerous Type vulnerability in Tiki Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. | 7.2 |
2023-01-13 | CVE-2022-46946 | Helmet Store Showroom Site Project | SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0 Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. | 7.2 |
2023-01-13 | CVE-2022-46947 | Helmet Store Showroom Site Project | SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0 Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 7.2 |
2023-01-13 | CVE-2022-46949 | Helmet Store Showroom Site Project | SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0 Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. | 7.2 |
2023-01-13 | CVE-2022-46950 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. | 7.2 |
2023-01-13 | CVE-2022-46951 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. | 7.2 |
2023-01-13 | CVE-2022-46952 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. | 7.2 |
2023-01-13 | CVE-2022-46953 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. | 7.2 |
2023-01-13 | CVE-2022-46956 | Dynamic Transaction Queuing System Project | SQL Injection vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 7.2 |
2023-01-12 | CVE-2023-22598 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). | 7.2 |
2023-01-12 | CVE-2022-46472 | Helmet Store Showroom Site Project | SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0 Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete. | 7.2 |
2023-01-09 | CVE-2022-3416 | Bravenewcode | Unspecified vulnerability in Bravenewcode Wptouch The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 7.2 |
2023-01-09 | CVE-2022-4043 | WP Custom Admin Interface Project | Unspecified vulnerability in WP Custom Admin Interface Project WP Custom Admin Interface The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 |
2023-01-09 | CVE-2022-43970 | Linksys | Out-of-bounds Write vulnerability in Linksys Wrt54Gl Firmware A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. | 7.2 |
2023-01-09 | CVE-2022-43971 | Linksys | OS Command Injection vulnerability in Linksys Wumc710 Firmware 1.0.02 An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). | 7.2 |
2023-01-09 | CVE-2022-43973 | Linksys | OS Command Injection vulnerability in Linksys Wrt54Gl Firmware An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. | 7.2 |
2023-01-13 | CVE-2022-42275 | Nvidia | Missing Authentication for Critical Function vulnerability in Nvidia BMC NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. | 7.1 |
2023-01-12 | CVE-2022-2155 | Hitachienergy | Unspecified vulnerability in Hitachienergy Lumada Asset Performance Management A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. | 7.1 |
2023-01-11 | CVE-2021-26402 | AMD | Out-of-bounds Write vulnerability in AMD products Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | 7.1 |
2023-01-11 | CVE-2021-46779 | AMD | Out-of-bounds Write vulnerability in AMD products Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | 7.1 |
2023-01-10 | CVE-2023-21741 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Visio Information Disclosure Vulnerability | 7.1 |
2023-01-10 | CVE-2023-21750 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.1 |
2023-01-10 | CVE-2023-21752 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows 7 Windows Backup Service Elevation of Privilege Vulnerability | 7.1 |
2023-01-10 | CVE-2023-21760 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 |
2023-01-10 | CVE-2022-36441 | Zebra | Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19 An issue was discovered in Zebra Enterprise Home Screen 4.1.19. | 7.1 |
2023-01-09 | CVE-2022-36928 | Zoom | Path Traversal vulnerability in Zoom Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. | 7.1 |
2023-01-10 | CVE-2023-21531 | Microsoft | Improper Privilege Management vulnerability in Microsoft Azure Service Fabric 8.2/9.0/9.1 Azure Service Fabric Container Elevation of Privilege Vulnerability | 7.0 |
2023-01-10 | CVE-2023-21532 | Microsoft | Unspecified vulnerability in Microsoft products Windows GDI Elevation of Privilege Vulnerability | 7.0 |
2023-01-10 | CVE-2023-21542 | Microsoft | Improper Privilege Management vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.0 |
2023-01-10 | CVE-2023-21733 | Microsoft | Race Condition vulnerability in Microsoft products Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7.0 |
2023-01-10 | CVE-2023-21739 | Microsoft | Unspecified vulnerability in Microsoft products Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.0 |
2023-01-10 | CVE-2023-21771 | Microsoft | Race Condition vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | 7.0 |
2023-01-09 | CVE-2022-25716 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Memory corruption in Multimedia Framework due to unsafe access to the data members | 7.0 |
226 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-10 | CVE-2023-21563 | Microsoft | Unspecified vulnerability in Microsoft products BitLocker Security Feature Bypass Vulnerability | 6.8 |
2023-01-10 | CVE-2022-38773 | Siemens | Unspecified vulnerability in Siemens products Affected devices do not contain an Immutable Root of Trust in Hardware. | 6.8 |
2023-01-13 | CVE-2022-42281 | Nvidia | Out-of-bounds Write vulnerability in Nvidia DGX A100 Firmware NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 6.7 |
2023-01-10 | CVE-2023-0012 | SAP | Improper Access Control vulnerability in SAP Host Agent 7.21/7.22 In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. | 6.7 |
2023-01-12 | CVE-2022-3628 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel 6.1 A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. | 6.6 |
2023-01-10 | CVE-2023-21560 | Microsoft | Incorrect Authorization vulnerability in Microsoft products Windows Boot Manager Security Feature Bypass Vulnerability | 6.6 |
2023-01-14 | CVE-2022-2815 | Publify Project | Insecure Storage of Sensitive Information vulnerability in Publify Project Publify Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | 6.5 |
2023-01-14 | CVE-2023-0298 | Firefly III | Incorrect Authorization vulnerability in Firefly-Iii Firefly III Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. | 6.5 |
2023-01-14 | CVE-2022-23532 | Neo4J | Path Traversal vulnerability in Neo4J Awesome Procedures on Cyper APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. | 6.5 |
2023-01-14 | CVE-2022-41956 | Autolabproject | Path Traversal vulnerability in Autolabproject Autolab Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. | 6.5 |
2023-01-14 | CVE-2023-22470 | Nextcloud | Improper Input Validation vulnerability in Nextcloud Deck Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 6.5 |
2023-01-14 | CVE-2023-22852 | Tiki | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | 6.5 |
2023-01-14 | CVE-2023-23589 | Torproject Debian Fedoraproject | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 |
2023-01-13 | CVE-2015-10040 | Gitlearn Project | Improper Encoding or Escaping of Output vulnerability in Gitlearn Project Gitlearn A vulnerability was found in gitlearn. | 6.5 |
2023-01-13 | CVE-2022-48090 | Hotel Management System Project | SQL Injection vulnerability in Hotel Management System Project Hotel Management System 20220411 Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | 6.5 |
2023-01-13 | CVE-2023-0105 | Redhat | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in Keycloak. | 6.5 |
2023-01-13 | CVE-2023-22395 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). | 6.5 |
2023-01-13 | CVE-2023-22404 | Juniper | Out-of-bounds Write vulnerability in Juniper Junos An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). | 6.5 |
2023-01-13 | CVE-2023-22405 | Juniper | Unspecified vulnerability in Juniper Junos An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. | 6.5 |
2023-01-13 | CVE-2023-22406 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). | 6.5 |
2023-01-13 | CVE-2023-22407 | Juniper | Incomplete Cleanup vulnerability in Juniper Junos An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). | 6.5 |
2023-01-13 | CVE-2023-22410 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). | 6.5 |
2023-01-13 | CVE-2023-22414 | Juniper | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. | 6.5 |
2023-01-12 | CVE-2022-3437 | Samba Fedoraproject | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. | 6.5 |
2023-01-12 | CVE-2022-3592 | Samba Fedoraproject | Link Following vulnerability in multiple products A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. | 6.5 |
2023-01-12 | CVE-2022-4345 | Wireshark | Infinite Loop vulnerability in Wireshark Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | 6.5 |
2023-01-12 | CVE-2023-0227 | Pyload | Insufficient Session Expiration vulnerability in Pyload Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. | 6.5 |
2023-01-11 | CVE-2022-34335 | IBM | Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. | 6.5 |
2023-01-11 | CVE-2021-26403 | AMD | Unspecified vulnerability in AMD products Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. | 6.5 |
2023-01-11 | CVE-2023-20525 | AMD | Improper Input Validation vulnerability in AMD products Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | 6.5 |
2023-01-11 | CVE-2023-20527 | AMD | Improper Input Validation vulnerability in AMD products Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | 6.5 |
2023-01-11 | CVE-2022-43391 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. | 6.5 |
2023-01-11 | CVE-2022-43392 | Zyxel | Classic Buffer Overflow vulnerability in Zyxel products A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. | 6.5 |
2023-01-10 | CVE-2023-22479 | Fit2Cloud | Session Fixation vulnerability in Fit2Cloud Kubepi KubePi is a modern Kubernetes panel. | 6.5 |
2023-01-10 | CVE-2023-0130 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2023-0131 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2023-0132 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2023-0133 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2023-0139 | Improper Input Validation vulnerability in Google Chrome Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2023-0140 | Unspecified vulnerability in Google Chrome Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | 6.5 | |
2023-01-10 | CVE-2022-4702 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
2023-01-10 | CVE-2022-4707 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. | 6.5 |
2023-01-10 | CVE-2022-4708 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
2023-01-10 | CVE-2022-4709 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. | 6.5 |
2023-01-10 | CVE-2023-22898 | Circl | Improper Input Validation vulnerability in Circl Pandora workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). | 6.5 |
2023-01-09 | CVE-2015-10033 | Merlinsboard Project | Incorrect Authorization vulnerability in Merlinsboard Project Merlinsboard A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. | 6.5 |
2023-01-09 | CVE-2022-46258 | Github | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. | 6.5 |
2023-01-09 | CVE-2022-33255 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | 6.5 |
2023-01-09 | CVE-2022-33283 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check. | 6.5 |
2023-01-09 | CVE-2022-33284 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer over-read in WLAN while parsing BTM action frame. | 6.5 |
2023-01-09 | CVE-2022-33285 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. | 6.5 |
2023-01-09 | CVE-2022-33286 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. | 6.5 |
2023-01-10 | CVE-2022-4382 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. | 6.4 |
2023-01-10 | CVE-2023-21725 | Microsoft | Race Condition vulnerability in Microsoft Windows Malicious Software Removal Tool 5.80 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | 6.3 |
2023-01-15 | CVE-2023-0312 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 6.1 |
2023-01-15 | CVE-2023-0314 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 6.1 |
2023-01-15 | CVE-2015-10052 | Gibb Modul 151 Project | Open Redirect vulnerability in Gibb-Modul-151 Project Gibb-Modul-151 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. | 6.1 |
2023-01-15 | CVE-2015-10049 | Course Builder Project | Cross-site Scripting vulnerability in Course-Builder Project Course-Builder A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. | 6.1 |
2023-01-14 | CVE-2017-20167 | Minichan | Cross-site Scripting vulnerability in Minichan A vulnerability, which was classified as problematic, was found in Minichan. | 6.1 |
2023-01-14 | CVE-2022-38467 | Crmperks | Cross-site Scripting vulnerability in Crmperks CRM Perks Forms Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | 6.1 |
2023-01-13 | CVE-2009-10001 | Cool PHP Captcha Project | Cross-site Scripting vulnerability in Cool-PHP-Captcha Project Cool-PHP-Captcha A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. | 6.1 |
2023-01-13 | CVE-2009-10002 | Fittr Flickr Project | Cross-site Scripting vulnerability in Fittr Flickr Project Fittr Flickr A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. | 6.1 |
2023-01-13 | CVE-2021-4312 | Rapidleech | Cross-site Scripting vulnerability in Rapidleech 2.3 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. | 6.1 |
2023-01-13 | CVE-2021-46872 | NIM Lang | Cross-site Scripting vulnerability in Nim-Lang NIM and Nimforum An issue was discovered in Nim before 1.6.2. | 6.1 |
2023-01-13 | CVE-2023-22397 | Juniper | Allocation of Resources Without Limits or Throttling vulnerability in Juniper Junos OS Evolved An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. | 6.1 |
2023-01-12 | CVE-2022-45728 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0 Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 |
2023-01-12 | CVE-2022-45729 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Doctor Appointment Management System 1.0.0 A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | 6.1 |
2023-01-12 | CVE-2022-46622 | Judging Management System Project | Cross-site Scripting vulnerability in Judging Management System Project Judging Management System 1.0 A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | 6.1 |
2023-01-12 | CVE-2023-0258 | Online Food Ordering System Project | Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. | 6.1 |
2023-01-12 | CVE-2012-10005 | PHP Form Builder Class Project | Cross-site Scripting vulnerability in PHP-Form-Builder-Class Project PHP-Form-Builder-Class A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. | 6.1 |
2023-01-12 | CVE-2022-39183 | Moodle | Open Redirect vulnerability in Moodle Saml Authentication Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | 6.1 |
2023-01-12 | CVE-2022-39187 | Maxum | Cross-site Scripting vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | 6.1 |
2023-01-12 | CVE-2023-0042 | Gitlab | Open Redirect vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. | 6.1 |
2023-01-11 | CVE-2013-10010 | Zerochplus Project | Cross-site Scripting vulnerability in Zerochplus Project Zerochplus A vulnerability classified as problematic has been found in zerochplus. | 6.1 |
2023-01-11 | CVE-2018-25073 | TS Ranksystem | Cross-site Scripting vulnerability in Ts-Ranksystem Tsn-Ranksystem A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. | 6.1 |
2023-01-11 | CVE-2021-46767 | AMD | Improper Input Validation vulnerability in AMD Milanpi Firmware and Romepi Firmware Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service. | 6.1 |
2023-01-11 | CVE-2012-10004 | Backdropcms | Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1 A vulnerability was found in backdrop-contrib Basic Cart on Drupal. | 6.1 |
2023-01-11 | CVE-2023-22958 | Syracom | Open Redirect vulnerability in Syracom Secure Login The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | 6.1 |
2023-01-10 | CVE-2022-38481 | Mega | Cross-site Scripting vulnerability in Mega Hopex 15.2.0.6110 An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. | 6.1 |
2023-01-10 | CVE-2022-4710 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. | 6.1 |
2023-01-10 | CVE-2022-46823 | Mendix | Cross-site Scripting vulnerability in Mendix Saml 2.3.0/3.3.0/3.3.1 A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). | 6.1 |
2023-01-10 | CVE-2023-22911 | Mediawiki Fedoraproject | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 6.1 |
2023-01-10 | CVE-2021-46871 | Phoenixframework | Cross-site Scripting vulnerability in Phoenixframework Phoenix Html tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. | 6.1 |
2023-01-10 | CVE-2023-0018 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. | 6.1 |
2023-01-10 | CVE-2023-0013 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-01-09 | CVE-2022-46603 | Inkdrop | Cross-site Scripting vulnerability in Inkdrop 5.4.1 An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file. | 6.1 |
2023-01-09 | CVE-2022-4301 | Sunshinephotocart | Unspecified vulnerability in Sunshinephotocart Sunshine Photo Cart The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2023-01-09 | CVE-2022-4310 | WP Slimstat | Unspecified vulnerability in Wp-Slimstat Slimstat Analytics The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs | 6.1 |
2023-01-09 | CVE-2022-4325 | Ifeelweb | Unspecified vulnerability in Ifeelweb Post Status Notifier Lite The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. | 6.1 |
2023-01-09 | CVE-2022-4368 | Cpkwebsolutions | Unspecified vulnerability in Cpkwebsolutions WP CSV 1.8.0.0 The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. | 6.1 |
2023-01-09 | CVE-2022-4374 | BG Bible References Project | Unspecified vulnerability in BG Bible References Project BG Bible References 3.18.4 The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2023-01-09 | CVE-2021-36603 | Tasmota Project | Cross-site Scripting vulnerability in Tasmota Project Tasmota 6.5.0 Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1". | 6.1 |
2023-01-09 | CVE-2023-0125 | Control ID Panel Project | Cross-site Scripting vulnerability in Control ID Panel Project Control ID Panel A vulnerability was found in Control iD Gerencia Web 1.30. | 6.1 |
2023-01-09 | CVE-2015-10032 | Healthmateweb Project | Cross-site Scripting vulnerability in Healthmateweb Project Healthmateweb A vulnerability was found in HealthMateWeb. | 6.1 |
2023-01-09 | CVE-2021-4310 | 01 Scripts | Cross-site Scripting vulnerability in 01-Scripts 01-Artikelsystem A vulnerability was found in 01-Scripts 01-Artikelsystem. | 6.1 |
2023-01-09 | CVE-2010-10004 | Simplesamlphp | Cross-site Scripting vulnerability in Simplesamlphp Information Cards Module 1.0/1.0.1/1.0.2 A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. | 6.1 |
2023-01-09 | CVE-2022-23509 | Weave | Cleartext Transmission of Sensitive Information vulnerability in Weave Gitops Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. | 6.0 |
2023-01-13 | CVE-2023-22402 | Juniper | Use After Free vulnerability in Juniper Junos OS Evolved A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). | 5.9 |
2023-01-12 | CVE-2023-22597 | Inhandnetworks | Cleartext Transmission of Sensitive Information vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. | 5.9 |
2023-01-11 | CVE-2022-46176 | Rust Lang | Improper Verification of Cryptographic Signature vulnerability in Rust-Lang Cargo Cargo is a Rust package manager. | 5.9 |
2023-01-11 | CVE-2023-22492 | Zitadel | Insufficient Session Expiration vulnerability in Zitadel ZITADEL is a combination of Auth0 and Keycloak. | 5.9 |
2023-01-11 | CVE-2022-4885 | Jefferson Project | Path Traversal vulnerability in Jefferson Project Jefferson 0.3 A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. | 5.9 |
2023-01-10 | CVE-2023-22899 | Zip4J Project | Origin Validation Error vulnerability in Zip4J Project Zip4J Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. | 5.9 |
2023-01-11 | CVE-2023-20523 | AMD | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. | 5.7 |
2023-01-10 | CVE-2023-0023 | SAP | Information Exposure vulnerability in SAP Bank Account Management 800/900 In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. | 5.7 |
2023-01-13 | CVE-2023-21598 | Adobe | Use After Free vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-13 | CVE-2023-21599 | Adobe | Out-of-bounds Read vulnerability in Adobe Incopy 17.0/18.0 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-13 | CVE-2023-21591 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-13 | CVE-2023-21592 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign 17.2.1/18.0 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-01-13 | CVE-2022-42282 | Nvidia | Unspecified vulnerability in Nvidia BMC NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. | 5.5 |
2023-01-13 | CVE-2022-42284 | Nvidia | Cleartext Storage of Sensitive Information vulnerability in Nvidia BMC NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. | 5.5 |
2023-01-13 | CVE-2023-22398 | Juniper | Access of Uninitialized Pointer vulnerability in Juniper Junos 15.1/19.1/19.2 An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). | 5.5 |
2023-01-13 | CVE-2023-22409 | Juniper | Improper Validation of Specified Quantity in Input vulnerability in Juniper Junos An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). | 5.5 |
2023-01-12 | CVE-2022-4842 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel 6.2 A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. | 5.5 |
2023-01-12 | CVE-2023-23456 | UPX Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. | 5.5 |
2023-01-12 | CVE-2023-23457 | UPX Project Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. | 5.5 |
2023-01-12 | CVE-2022-39186 | Exfo | Incorrect Permission Assignment for Critical Resource vulnerability in Exfo Bv-10 Firmware EXFO - BV-10 Performance Endpoint Unit misconfiguration. | 5.5 |
2023-01-12 | CVE-2023-23454 | Linux Debian | Type Confusion vulnerability in multiple products cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
2023-01-12 | CVE-2023-23455 | Linux Debian | Type Confusion vulnerability in multiple products atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
2023-01-12 | CVE-2022-47927 | Mediawiki Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.5 |
2023-01-12 | CVE-2022-24913 | Java Merge Sort Project | Exposure of Resource to Wrong Sphere vulnerability in Java-Merge-Sort Project Java-Merge-Sort Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | 5.5 |
2023-01-11 | CVE-2022-4457 | Cloudflare | Unspecified vulnerability in Cloudflare Warp Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. | 5.5 |
2023-01-11 | CVE-2022-4415 | Systemd Project | Unspecified vulnerability in Systemd Project Systemd A vulnerability was found in systemd. | 5.5 |
2023-01-11 | CVE-2022-4543 | Linux | Information Exposure Through Discrepancy vulnerability in Linux Kernel A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). | 5.5 |
2023-01-11 | CVE-2021-26343 | AMD | Exposure of Resource to Wrong Sphere vulnerability in AMD products Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | 5.5 |
2023-01-11 | CVE-2021-26346 | AMD | Integer Overflow or Wraparound vulnerability in AMD products Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | 5.5 |
2023-01-11 | CVE-2021-26355 | AMD | Unspecified vulnerability in AMD products Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | 5.5 |
2023-01-11 | CVE-2021-26404 | AMD | Improper Input Validation vulnerability in AMD products Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | 5.5 |
2023-01-11 | CVE-2021-26407 | AMD | Use of Insufficiently Random Values vulnerability in AMD Romepi Firmware A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | 5.5 |
2023-01-11 | CVE-2021-46768 | AMD | Out-of-bounds Read vulnerability in AMD Milanpi Firmware and Romepi Firmware Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | 5.5 |
2023-01-11 | CVE-2021-46791 | AMD | Out-of-bounds Write vulnerability in AMD Milanpi Firmware Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | 5.5 |
2023-01-10 | CVE-2023-21540 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
2023-01-10 | CVE-2023-21550 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
2023-01-10 | CVE-2023-21559 | Microsoft | Unspecified vulnerability in Microsoft products Windows Cryptographic Information Disclosure Vulnerability | 5.5 |
2023-01-10 | CVE-2023-21753 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 Event Tracing for Windows Information Disclosure Vulnerability | 5.5 |
2023-01-10 | CVE-2023-21776 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2023-01-10 | CVE-2022-36442 | Zebra | Unspecified vulnerability in Zebra Enterprise Home Screen 4.1.19 An issue was discovered in Zebra Enterprise Home Screen 4.1.19. | 5.5 |
2023-01-09 | CVE-2022-22470 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. | 5.5 |
2023-01-09 | CVE-2022-25722 | Qualcomm | Use After Free vulnerability in Qualcomm products Information exposure in DSP services due to improper handling of freeing memory | 5.5 |
2023-01-09 | CVE-2022-25725 | Qualcomm | Release of Invalid Pointer or Reference vulnerability in Qualcomm products Denial of service in MODEM due to improper pointer handling | 5.5 |
2023-01-09 | CVE-2022-33252 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame. | 5.5 |
2023-01-09 | CVE-2022-33253 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames. | 5.5 |
2023-01-09 | CVE-2022-40518 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer overread in Core | 5.5 |
2023-01-09 | CVE-2022-40519 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure due to buffer overread in Core | 5.5 |
2023-01-15 | CVE-2023-0306 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 5.4 |
2023-01-15 | CVE-2023-0308 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 5.4 |
2023-01-15 | CVE-2023-0309 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 5.4 |
2023-01-15 | CVE-2023-0310 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 5.4 |
2023-01-15 | CVE-2023-0313 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | 5.4 |
2023-01-15 | CVE-2014-125078 | Horizon Project | Cross-site Scripting vulnerability in Horizon Project Horizon A vulnerability was found in yanheven console and classified as problematic. | 5.4 |
2023-01-14 | CVE-2023-0300 | Opencollective | Cross-site Scripting vulnerability in Opencollective Alf.Io Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. | 5.4 |
2023-01-14 | CVE-2023-0301 | Opencollective | Cross-site Scripting vulnerability in Opencollective Alf.Io Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. | 5.4 |
2023-01-13 | CVE-2022-48091 | Hotel Management System Project | Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 20220411 Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. | 5.4 |
2023-01-13 | CVE-2023-22491 | Gatsbyjs | Cross-site Scripting vulnerability in Gatsbyjs Gatsby Gatsby is a free and open source framework based on React that helps developers build websites and apps. | 5.4 |
2023-01-13 | CVE-2023-0289 | Webcalendar Project | Cross-site Scripting vulnerability in Webcalendar Project Webcalendar Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | 5.4 |
2023-01-13 | CVE-2023-0287 | Favorites WEB Project | Cross-site Scripting vulnerability in Favorites-Web Project Favorites-Web A vulnerability was found in ityouknow favorites-web. | 5.4 |
2023-01-13 | CVE-2022-42704 | Servicenow | Cross-site Scripting vulnerability in Servicenow Quebec/Rome/Sandiego A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget. | 5.4 |
2023-01-13 | CVE-2022-46438 | Douco | Cross-site Scripting vulnerability in Douco Douphp 1.720221118 A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | 5.4 |
2023-01-12 | CVE-2022-47102 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Student Study Center Management System 1.0 A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 5.4 |
2023-01-12 | CVE-2023-22488 | Flarum | Missing Authorization vulnerability in Flarum Flarum is a forum software for building communities. | 5.4 |
2023-01-12 | CVE-2022-46369 | Maxum | Cross-site Scripting vulnerability in Maxum Rumpus Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | 5.4 |
2023-01-12 | CVE-2022-46503 | Online Student Enrollment System Project | Cross-site Scripting vulnerability in Online Student Enrollment System Project Online Student Enrollment System 1.0 A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | 5.4 |
2023-01-12 | CVE-2023-0246 | Espcms | Cross-site Scripting vulnerability in Espcms P8.21120101 A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. | 5.4 |
2023-01-12 | CVE-2022-3573 | Gitlab ABB | Cross-site Scripting vulnerability in multiple products An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 5.4 |
2023-01-10 | CVE-2022-38489 | Easyvista | Cross-site Scripting vulnerability in Easyvista Service Manager 2020.2.125.3/2022.1.109.0.03 An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting (XSS). | 5.4 |
2023-01-10 | CVE-2023-0015 | SAP | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420 In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. | 5.4 |
2023-01-09 | CVE-2022-4391 | Vision Interactive Project | Unspecified vulnerability in Vision Interactive Project Vision Interactive The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 5.4 |
2023-01-09 | CVE-2022-4392 | Ipanorama 360 Wordpress Virtual Tour Builder Project | Unspecified vulnerability in Ipanorama 360 Wordpress Virtual Tour Builder Project Ipanorama 360 Wordpress Virtual Tour Builder The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 5.4 |
2023-01-09 | CVE-2022-4393 | Avirtum | Cross-site Scripting vulnerability in Avirtum Imagelinks 1.4.0/1.4.1 The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 5.4 |
2023-01-09 | CVE-2022-4394 | Ipages Flipbook Project | Unspecified vulnerability in Ipages Flipbook Project Ipages Flipbook The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 5.4 |
2023-01-09 | CVE-2022-4468 | Bootstrapped | Unspecified vulnerability in Bootstrapped WP Recipe Maker The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | 5.4 |
2023-01-09 | CVE-2022-4479 | Dublue | Unspecified vulnerability in Dublue Table of Contents Plus The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
2023-01-09 | CVE-2022-4491 | WP Table Reloaded Project | Unspecified vulnerability in Wp-Table Reloaded Project Wp-Table Reloaded The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. | 5.4 |
2023-01-09 | CVE-2022-4497 | Automattic | Unspecified vulnerability in Automattic Jetpack CRM The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins | 5.4 |
2023-01-09 | CVE-2022-46769 | Apache | Cross-site Scripting vulnerability in Apache Sling CMS An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 | 5.4 |
2023-01-13 | CVE-2022-42288 | Nvidia | Information Exposure Through Discrepancy vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | 5.3 |
2023-01-13 | CVE-2022-48257 | Eternal Terminal Project | Incorrect Permission Assignment for Critical Resource vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1 In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | 5.3 |
2023-01-13 | CVE-2022-48258 | Eternal Terminal Project | Unspecified vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1 In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. | 5.3 |
2023-01-12 | CVE-2022-46371 | Alotceriot | Information Exposure Through an Error Message vulnerability in Alotceriot Ar7088H-A Firmware Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. | 5.3 |
2023-01-12 | CVE-2022-3341 | Ffmpeg | NULL Pointer Dereference vulnerability in Ffmpeg A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. | 5.3 |
2023-01-12 | CVE-2022-3514 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 5.3 |
2023-01-12 | CVE-2022-3870 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 5.3 |
2023-01-12 | CVE-2022-4131 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 5.3 |
2023-01-11 | CVE-2022-23813 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD Milanpi-Sp3 Firmware and Romepi Firmware The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. | 5.3 |
2023-01-11 | CVE-2022-23814 | AMD | Improper Input Validation vulnerability in AMD Milanpi-Sp3 Firmware Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | 5.3 |
2023-01-11 | CVE-2023-20532 | AMD | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | 5.3 |
2023-01-11 | CVE-2023-22963 | Personnummer | Improper Input Validation vulnerability in Personnummer The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. | 5.3 |
2023-01-10 | CVE-2023-21525 | Microsoft | Unspecified vulnerability in Microsoft products Remote Procedure Call Runtime Denial of Service Vulnerability | 5.3 |
2023-01-10 | CVE-2023-21682 | Microsoft | Unspecified vulnerability in Microsoft products Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | 5.3 |
2023-01-10 | CVE-2023-21743 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019 Microsoft SharePoint Server Security Feature Bypass Vulnerability | 5.3 |
2023-01-10 | CVE-2022-30332 | Talend | Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1 In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. | 5.3 |
2023-01-10 | CVE-2023-22909 | Mediawiki Fedoraproject | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.3 |
2023-01-12 | CVE-2023-0254 | Simple Membership Plugin | Unspecified vulnerability in Simple-Membership-Plugin Simple Membership WP User Import The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. | 4.9 |
2023-01-09 | CVE-2022-4884 | Checkmk | Path Traversal vulnerability in Checkmk 2.0.0/2.1.0 Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. | 4.9 |
2023-01-13 | CVE-2023-0295 | Obox | Unspecified vulnerability in Obox Launchpad - Coming Soon & Maintenance Mode Plugin 1.0.13 The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. | 4.8 |
2023-01-10 | CVE-2023-0162 | Machothemes | Unspecified vulnerability in Machothemes CPO Companion The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. | 4.8 |
2023-01-09 | CVE-2022-3855 | 404 TO Start Project | Unspecified vulnerability in 404 to Start Project 404 to Start 1.6.1 The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-09 | CVE-2022-4196 | Mondula | Unspecified vulnerability in Mondula Multi Step Form The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-01-12 | CVE-2022-3145 | Okta | Open Redirect vulnerability in Okta Oidc Middleware An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | 4.7 |
2023-01-11 | CVE-2021-46795 | AMD | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | 4.7 |
2023-01-10 | CVE-2023-21536 | Microsoft | Exposure of Resource to Wrong Sphere vulnerability in Microsoft products Event Tracing for Windows Information Disclosure Vulnerability | 4.7 |
2023-01-10 | CVE-2023-21766 | Microsoft | Race Condition vulnerability in Microsoft products Windows Overlay Filter Information Disclosure Vulnerability | 4.7 |
2023-01-09 | CVE-2022-4882 | Kaltura | Cross-site Scripting vulnerability in Kaltura Mwembed A vulnerability was found in kaltura mwEmbed up to 2.91. | 4.7 |
2023-01-11 | CVE-2022-0553 | Zephyrproject | Cleartext Transmission of Sensitive Information vulnerability in Zephyrproject Zephyr There is no check to see if slot 0 is being uploaded from the device to the host. | 4.6 |
2023-01-09 | CVE-2022-22079 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Denial of service while processing fastboot flash command on mmc due to buffer over read | 4.6 |
2023-01-13 | CVE-2023-0221 | Mcafee | Improper Privilege Management vulnerability in Mcafee Application and Change Control Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | 4.4 |
2023-01-11 | CVE-2021-26328 | AMD | Unspecified vulnerability in AMD products Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. | 4.4 |
2023-01-11 | CVE-2021-26396 | AMD | Insufficient Verification of Data Authenticity vulnerability in AMD products Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | 4.4 |
2023-01-10 | CVE-2022-4429 | Avira | Unquoted Search Path or Element vulnerability in Avira Security 1.1.71.30554 Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | 4.4 |
2023-01-14 | CVE-2023-22471 | Nextcloud | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 4.3 |
2023-01-13 | CVE-2023-0293 | Frenify | Unspecified vulnerability in Frenify Mediamatic 2.7/2.8.1 The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. | 4.3 |
2023-01-13 | CVE-2023-0294 | Frenify | Unspecified vulnerability in Frenify Mediamatic 2.7/2.8.1 The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. | 4.3 |
2023-01-12 | CVE-2022-4365 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 4.3 |
2023-01-12 | CVE-2022-4344 | Wireshark | Resource Exhaustion vulnerability in Wireshark Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | 4.3 |
2023-01-11 | CVE-2023-22487 | Flarum | Unspecified vulnerability in Flarum Flarum is a forum software for building communities. | 4.3 |
2023-01-11 | CVE-2023-22945 | Mediawiki Fedoraproject | Incorrect Authorization vulnerability in multiple products In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 4.3 |
2023-01-10 | CVE-2022-38482 | Mega | Link Following vulnerability in Mega Hopex 15.2.0.6110 A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. | 4.3 |
2023-01-10 | CVE-2022-45164 | Archibus | Unspecified vulnerability in Archibus web Central 2022.03.01.107 An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2023-01-10 | CVE-2022-45166 | Archibus | Unspecified vulnerability in Archibus web Central 2022.03.01.107 An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2023-01-10 | CVE-2022-45167 | Archibus | Unspecified vulnerability in Archibus web Central 2022.03.01.107 An issue was discovered in Archibus Web Central 2022.03.01.107. | 4.3 |
2023-01-10 | CVE-2023-0141 | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 | |
2023-01-10 | CVE-2022-4705 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
2023-01-10 | CVE-2022-4711 | Royal Elementor Addons | Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. | 4.3 |
2023-01-09 | CVE-2022-3923 | Activecampaign | Missing Authorization vulnerability in Activecampaign for Woocommerce 1.9.6 The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. | 4.3 |
2023-01-09 | CVE-2022-4103 | Royal Elementor Addons | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. | 4.3 |
2023-01-09 | CVE-2022-4426 | Wpswings | Unspecified vulnerability in Wpswings Mautic Integration for Woocommerce The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-01-13 | CVE-2023-0091 | Redhat | Incorrect Authorization vulnerability in Redhat Keycloak A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. | 3.8 |
2023-01-12 | CVE-2022-4342 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. | 3.8 |
2023-01-13 | CVE-2023-22489 | Flarum | Missing Authorization vulnerability in Flarum Flarum is a discussion platform for websites. | 3.5 |
2023-01-10 | CVE-2023-22469 | Nextcloud | Insecure Storage of Sensitive Information vulnerability in Nextcloud Deck Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 3.5 |
2023-01-09 | CVE-2022-3343 | 2Code | Unspecified vulnerability in 2Code Wpqa Builder 5.2/5.7/5.9 The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. | 3.5 |
2023-01-10 | CVE-2023-21759 | Microsoft | Unspecified vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2022 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 3.3 |
2023-01-09 | CVE-2022-4102 | Royal Elementor Addons | Missing Authorization vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. | 3.1 |
2023-01-11 | CVE-2023-20528 | AMD | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | 2.4 |
2023-01-09 | CVE-2023-22473 | Nextcloud | Improper Access Control vulnerability in Nextcloud Talk Talk-Android enables users to have video & audio calls through Nextcloud on Android. | 2.1 |