Weekly Vulnerabilities Reports > February 6 to 12, 2023

Overview

561 new vulnerabilities reported during this period, including 80 critical vulnerabilities and 178 high severity vulnerabilities. This weekly summary report vulnerabilities in 1067 products from 207 vendors including Google, Dell, Samsung, Qualcomm, and Wickedplugins. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Missing Authorization", and "Out-of-bounds Read".

  • 391 reported vulnerabilities are remotely exploitables.
  • 158 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 256 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 80 reported vulnerabilities.
  • Dlink has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

80 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-11 CVE-2023-0776 Baicells Command Injection vulnerability in Baicells products

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections.

10.0
2023-02-12 CVE-2023-0788 Phpmyfaq Code Injection vulnerability in PHPmyfaq

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

9.8
2023-02-12 CVE-2023-0789 Phpmyfaq Command Injection vulnerability in PHPmyfaq

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

9.8
2023-02-12 CVE-2023-0784 Best Online News Portal Project SQL Injection vulnerability in Best Online News Portal Project Best Online News Portal 1.0

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0.

9.8
2023-02-12 CVE-2022-25729 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in modem due to improper length check while copying into memory

9.8
2023-02-12 CVE-2022-33279 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

9.8
2023-02-12 CVE-2022-40514 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

9.8
2023-02-12 CVE-2022-41731 IBM SQL Injection vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.5.0

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection.

9.8
2023-02-12 CVE-2022-45088 Gruparge Improper Input Validation vulnerability in Gruparge Smartpower web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.

9.8
2023-02-12 CVE-2022-4557 Gruparge SQL Injection vulnerability in Gruparge Smartpower

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.

9.8
2023-02-11 CVE-2023-0782 Tenda Out-of-bounds Write vulnerability in Tenda Ac23 Firmware 16.03.07.45

A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical.

9.8
2023-02-11 CVE-2023-0783 Shopex Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop 4.1.5

A vulnerability was found in EcShop 4.1.5.

9.8
2023-02-11 CVE-2023-0781 Canteen Management System Project SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0

A vulnerability was found in SourceCodester Canteen Management System 1.0.

9.8
2023-02-11 CVE-2023-25560 Datahub Project Improper Control of Dynamically-Managed Code Resources vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

9.8
2023-02-11 CVE-2023-25561 Datahub Project Improper Handling of Exceptional Conditions vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

9.8
2023-02-11 CVE-2023-25562 Datahub Project Insufficient Session Expiration vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

9.8
2023-02-10 CVE-2023-23162 Phpgurukul SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0

Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.

9.8
2023-02-10 CVE-2023-23163 Phpgurukul SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0

Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.

9.8
2023-02-10 CVE-2023-0777 Modoboa Unspecified vulnerability in Modoboa

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.

9.8
2023-02-10 CVE-2015-10077 Webbuildersgroup SQL Injection vulnerability in Webbuildersgroup Silverstripe-Kapost-Bridge

A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3.

9.8
2023-02-10 CVE-2023-24348 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.

9.8
2023-02-10 CVE-2023-24349 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.

9.8
2023-02-10 CVE-2023-24350 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail.

9.8
2023-02-10 CVE-2023-24351 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin.

9.8
2023-02-10 CVE-2023-24352 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.

9.8
2023-02-10 CVE-2023-0774 Medical Certificate Generator APP Project SQL Injection vulnerability in Medical Certificate Generator APP Project Medical Certificate Generator APP 1.0

A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical.

9.8
2023-02-10 CVE-2022-45699 Apsystems OS Command Injection vulnerability in Apsystems Ecu-R Firmware 5203

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.

9.8
2023-02-09 CVE-2015-10076 Shaarlier Project SQL Injection vulnerability in Shaarlier Project Shaarlier

A vulnerability was found in dimtion Shaarlier up to 1.2.2.

9.8
2023-02-09 CVE-2022-43550 Jitsi Command Injection vulnerability in Jitsi 2.10.5550/2.5.5061/2.9.5544

A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.

9.8
2023-02-09 CVE-2023-0575 Yugabyte Unspecified vulnerability in Yugabyte Yugabytedb

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc.

9.8
2023-02-09 CVE-2023-0745 Yugabyte Path Traversal vulnerability in Yugabyte Yugabytedb Managed

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0

9.8
2023-02-09 CVE-2023-0574 Yugabyte Unspecified vulnerability in Yugabyte Yugabytedb Managed

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc.

9.8
2023-02-09 CVE-2023-0758 Jfinaloa Project SQL Injection vulnerability in Jfinaloa Project Jfinaloa 1.0.2

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical.

9.8
2023-02-08 CVE-2022-45982 Thinkphp Deserialization of Untrusted Data vulnerability in Thinkphp

thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability.

9.8
2023-02-08 CVE-2022-45526 Institutional Management Website Project SQL Injection vulnerability in Institutional Management Website Project Institutional Management Website 1.0

SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.

9.8
2023-02-08 CVE-2022-45527 Institutional Management Website Project Unrestricted Upload of File with Dangerous Type vulnerability in Institutional Management Website Project Institutional Management Website 1.0

File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.

9.8
2023-02-08 CVE-2022-43762 BR Automation Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Br-Automation Industrial Automation Aprol

 Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages

9.8
2023-02-08 CVE-2022-43764 BR Automation Out-of-bounds Write vulnerability in Br-Automation Industrial Automation Aprol

Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow.

9.8
2023-02-08 CVE-2023-0744 Answer Unspecified vulnerability in Answer

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.

9.8
2023-02-07 CVE-2021-36471 Adminlte IO Path Traversal vulnerability in Adminlte.Io Adminlte 3.1.0

Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.

9.8
2023-02-07 CVE-2011-10003 Xpressengine SQL Injection vulnerability in Xpressengine

A vulnerability was found in XpressEngine up to 1.4.4.

9.8
2023-02-07 CVE-2023-24813 Dompdf Project Interpretation Conflict vulnerability in Dompdf Project Dompdf 2.0.2

Dompdf is an HTML to PDF converter written in php.

9.8
2023-02-07 CVE-2011-10002 Weblabyrinth Project SQL Injection vulnerability in Weblabyrinth Project Weblabyrinth 0.3.1

A vulnerability classified as critical has been found in weblabyrinth 0.3.1.

9.8
2023-02-07 CVE-2022-31249 Suse OS Command Injection vulnerability in Suse Wrangler

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler.

9.8
2023-02-07 CVE-2022-43755 Suse Insufficient Entropy vulnerability in Suse Rancher

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed.

9.8
2023-02-07 CVE-2023-0707 Medical Certificate Generator APP Project SQL Injection vulnerability in Medical Certificate Generator APP Project Medical Certificate Generator APP 1.0

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0.

9.8
2023-02-06 CVE-2022-3229 Unifiedremote Unspecified vulnerability in Unifiedremote Unified Remote

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

9.8
2023-02-06 CVE-2021-31573 Mediatek Command Injection vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Config Manager, there is a possible command injection due to improper input validation.

9.8
2023-02-06 CVE-2021-31574 Mediatek Command Injection vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Config Manager, there is a possible command injection due to improper input validation.

9.8
2023-02-06 CVE-2021-31575 Mediatek Command Injection vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Config Manager, there is a possible command injection due to improper input validation.

9.8
2023-02-06 CVE-2021-31577 Mediatek Missing Authorization vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Boa, there is a possible escalation of privilege due to a missing permission check.

9.8
2023-02-06 CVE-2021-31578 Mediatek Out-of-bounds Write vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Boa, there is a possible escalation of privilege due to a stack buffer overflow.

9.8
2023-02-06 CVE-2023-23333 Contec Command Injection vulnerability in Contec Solarview Compact Firmware 6.0

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

9.8
2023-02-06 CVE-2022-45589 Talend SQL Injection vulnerability in Talend ESB Runtime 5.1/7.1.1R202109

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only.

9.8
2023-02-06 CVE-2022-4681 Wpwave Unspecified vulnerability in Wpwave Hide MY WP 6.2.3

The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-02-06 CVE-2023-0686 Online Eyewear Shop Project SQL Injection vulnerability in Online Eyewear Shop Project Online Eyewear Shop 1.0

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0.

9.8
2023-02-06 CVE-2023-0687 GNU Classic Buffer Overflow vulnerability in GNU Glibc

A vulnerability was found in GNU C Library 2.38.

9.8
2023-02-06 CVE-2022-47071 Nvs365 Unspecified vulnerability in Nvs365 Nvs-365-V01 Firmware

In NVS365 V01, the background network test function can trigger command execution.

9.8
2023-02-06 CVE-2022-48078 Pycdc Project Out-of-bounds Write vulnerability in Pycdc Project Pycdc

pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.

9.8
2023-02-06 CVE-2023-24198 Oretnom23 SQL Injection vulnerability in Oretnom23 Raffle Draw System 1.0

Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.

9.8
2023-02-06 CVE-2023-24199 Oretnom23 SQL Injection vulnerability in Oretnom23 Raffle Draw System 1.0

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.

9.8
2023-02-06 CVE-2023-24200 Oretnom23 SQL Injection vulnerability in Oretnom23 Raffle Draw System 1.0

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.

9.8
2023-02-06 CVE-2023-24201 Oretnom23 SQL Injection vulnerability in Oretnom23 Raffle Draw System 1.0

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.

9.8
2023-02-06 CVE-2023-24202 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Raffle Draw System 1.0

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.

9.8
2023-02-06 CVE-2023-24276 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

9.8
2023-02-06 CVE-2021-36224 Westerndigital Use of Hard-coded Credentials vulnerability in Westerndigital MY Cloud OS

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

9.8
2023-02-06 CVE-2021-36226 Westerndigital Improper Verification of Cryptographic Signature vulnerability in Westerndigital MY Cloud OS

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

9.8
2023-02-06 CVE-2014-125086 Gimmie Project SQL Injection vulnerability in Gimmie Project Gimmie

A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical.

9.8
2023-02-06 CVE-2014-125084 Gimmie Project SQL Injection vulnerability in Gimmie Project Gimmie

A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin.

9.8
2023-02-06 CVE-2014-125085 Gimmie Project SQL Injection vulnerability in Gimmie Project Gimmie

A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin.

9.8
2023-02-06 CVE-2015-10073 Tinymighty Cross-site Scripting vulnerability in Tinymighty Wikiseo 1.2.1

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki.

9.6
2023-02-11 CVE-2023-25557 Datahub Project Server-Side Request Forgery (SSRF) vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

9.1
2023-02-10 CVE-2022-45766 Keystorage Use of Hard-coded Credentials vulnerability in Keystorage Global Facilities Management Software 3.0

Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes.

9.1
2023-02-10 CVE-2022-43501 Elwsc Use of Insufficiently Random Values vulnerability in Elwsc products

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source.

9.1
2023-02-09 CVE-2022-48290 Huawei Unspecified vulnerability in Huawei Harmonyos 3.0.0

The phone-PC collaboration module has a logic bypass vulnerability.

9.1
2023-02-08 CVE-2023-0740 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.

9.0
2023-02-08 CVE-2023-0741 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.

9.0
2023-02-08 CVE-2023-0742 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.

9.0
2023-02-08 CVE-2023-0743 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.

9.0
2023-02-06 CVE-2022-48311 HP Cross-site Scripting vulnerability in HP Deskjet 2540 A9U23B Firmware Cep1Fn1418Br

**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page.

9.0

178 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-12 CVE-2023-0790 Phpmyfaq Uncaught Exception vulnerability in PHPmyfaq

Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

8.8
2023-02-12 CVE-2023-0793 Phpmyfaq Weak Password Requirements vulnerability in PHPmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

8.8
2023-02-12 CVE-2022-33280 Qualcomm Access of Uninitialized Pointer vulnerability in Qualcomm products

Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.

8.8
2023-02-12 CVE-2022-45089 Gruparge SQL Injection vulnerability in Gruparge Smartpower web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.

8.8
2023-02-12 CVE-2022-45090 Gruparge SQL Injection vulnerability in Gruparge Smartpower web

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.

8.8
2023-02-12 CVE-2023-20076 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.

8.8
2023-02-11 CVE-2022-34448 Dell Cross-Site Request Forgery (CSRF) vulnerability in Dell Powerpath Management Appliance

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability.

8.8
2023-02-11 CVE-2022-45104 Dell OS Command Injection vulnerability in Dell products

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability.

8.8
2023-02-11 CVE-2023-25558 Datahub Project Deserialization of Untrusted Data vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

8.8
2023-02-10 CVE-2022-46649 Sierrawireless OS Command Injection vulnerability in Sierrawireless Aleos

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.

8.8
2023-02-10 CVE-2023-24343 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.

8.8
2023-02-10 CVE-2023-24344 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.

8.8
2023-02-10 CVE-2023-24345 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.

8.8
2023-02-10 CVE-2023-24346 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.

8.8
2023-02-10 CVE-2023-24347 Dlink Out-of-bounds Write vulnerability in Dlink Dir-605L Firmware 2.13B01

D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.

8.8
2023-02-10 CVE-2023-0771 Ampache SQL Injection vulnerability in Ampache

SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.

8.8
2023-02-10 CVE-2022-3568 Orangelab Cross-Site Request Forgery (CSRF) vulnerability in Orangelab Imagemagick Engine

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5.

8.8
2023-02-09 CVE-2023-22794 Activerecord Project SQL Injection vulnerability in Activerecord Project Activerecord

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments.

8.8
2023-02-09 CVE-2023-23912 UI Code Injection vulnerability in UI products

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.

8.8
2023-02-09 CVE-2023-24323 Mojoportal XXE vulnerability in Mojoportal 2.7.0.0

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.

8.8
2023-02-09 CVE-2023-21443 Samsung Inadequate Encryption Strength vulnerability in Samsung Flow

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands.

8.8
2023-02-09 CVE-2023-21444 Samsung Inadequate Encryption Strength vulnerability in Samsung Flow

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands.

8.8
2023-02-09 CVE-2023-22953 Expressionengine Unspecified vulnerability in Expressionengine

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.

8.8
2023-02-09 CVE-2023-0759 Agentejo Privilege Chaining vulnerability in Agentejo Cockpit

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

8.8
2023-02-08 CVE-2022-47648 Bosch Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001

An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization.

8.8
2023-02-08 CVE-2022-42438 IBM Forced Browsing vulnerability in IBM Cloud PAK for Multicloud Management Monitoring

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths.

8.8
2023-02-08 CVE-2023-25152 Pterodactyl Link Following vulnerability in Pterodactyl Wings

Wings is Pterodactyl's server control plane.

8.8
2023-02-08 CVE-2022-41620 Seosamba Cross-Site Request Forgery (CSRF) vulnerability in Seosamba 1.0.5

Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.

8.8
2023-02-08 CVE-2023-24828 Onedev Project Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Onedev Project Onedev

Onedev is a self-hosted Git Server with CI/CD and Kanban.

8.8
2023-02-07 CVE-2022-45768 Edimax OS Command Injection vulnerability in Edimax Br-6428Ns Firmware 1.20

Command Injection vulnerability in Edimax Technology Co., Ltd.

8.8
2023-02-07 CVE-2023-0696 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-02-07 CVE-2023-0698 Google Out-of-bounds Read vulnerability in Google Chrome

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8
2023-02-07 CVE-2023-0699 Google Use After Free vulnerability in Google Chrome

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown.

8.8
2023-02-07 CVE-2023-0701 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction .

8.8
2023-02-07 CVE-2023-0702 Google Type Confusion vulnerability in Google Chrome

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-02-07 CVE-2023-0703 Google Type Confusion vulnerability in Google Chrome

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions.

8.8
2023-02-07 CVE-2023-25194 Apache Deserialization of Untrusted Data vulnerability in Apache Kafka Connect

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations.

8.8
2023-02-07 CVE-2022-4883 X ORG Untrusted Search Path vulnerability in X.Org Libxpm

A flaw was found in libXpm.

8.8
2023-02-07 CVE-2022-45544 Schlix Incorrect Authorization vulnerability in Schlix CMS 2.2.72

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter.

8.8
2023-02-07 CVE-2022-21953 Suse Missing Authorization vulnerability in Suse Rancher

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

8.8
2023-02-07 CVE-2022-43757 Suse Cleartext Storage of Sensitive Information vulnerability in Suse Rancher

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials.

8.8
2023-02-07 CVE-2022-43759 Suse Improper Privilege Management vulnerability in Suse Rancher

A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster.

8.8
2023-02-07 CVE-2023-0706 Medical Certificate Generator APP Project SQL Injection vulnerability in Medical Certificate Generator APP Project Medical Certificate Generator APP 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0.

8.8
2023-02-06 CVE-2023-0234 Siteground Unspecified vulnerability in Siteground Security

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.

8.8
2023-02-06 CVE-2022-2933 0MK Shortener Project Unspecified vulnerability in 0MK Shortener Project 0MK Shortener 0.2

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2.

8.8
2023-02-06 CVE-2021-36225 Westerndigital Missing Authorization vulnerability in Westerndigital MY Cloud OS

Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.

8.8
2023-02-09 CVE-2023-25168 Pterodactyl Link Following vulnerability in Pterodactyl Wings

Wings is Pterodactyl's server control plane.

8.2
2023-02-11 CVE-2022-34446 Dell Unspecified vulnerability in Dell Powerpath Management Appliance 3.2/3.3

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability.

8.1
2023-02-11 CVE-2023-25559 Datahub Project Incorrect Authorization vulnerability in Datahub Project Datahub

DataHub is an open-source metadata platform.

8.1
2023-02-10 CVE-2022-4903 Codenameone Exposure of Resource to Wrong Sphere vulnerability in Codenameone Codename ONE 7.0.70

A vulnerability was found in CodenameOne 7.0.70.

8.1
2023-02-06 CVE-2022-42951 Couchbase Race Condition vulnerability in Couchbase Server

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2.

8.1
2023-02-06 CVE-2023-0679 Canteen Management System Project SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0

A vulnerability was found in SourceCodester Canteen Management System 1.0.

8.1
2023-02-12 CVE-2022-33225 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption due to use after free in trusted application environment.

7.8
2023-02-12 CVE-2022-33232 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

7.8
2023-02-12 CVE-2022-33233 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

7.8
2023-02-12 CVE-2022-33243 Qualcomm Unspecified vulnerability in Qualcomm products

Memory corruption due to improper access control in Qualcomm IPC.

7.8
2023-02-12 CVE-2022-33246 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id.

7.8
2023-02-12 CVE-2022-33248 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http.

7.8
2023-02-12 CVE-2022-33277 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command.

7.8
2023-02-12 CVE-2022-38396 Microsoft Unspecified vulnerability in Microsoft products

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path.

7.8
2023-02-12 CVE-2022-42292 Nvidia Link Following vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.

7.8
2023-02-12 CVE-2022-47361 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In firewall service, there is a missing permission check.

7.8
2023-02-11 CVE-2023-0127 Dlink Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.17

A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root.

7.8
2023-02-11 CVE-2022-34384 Dell Improper Privilege Management vulnerability in Dell products

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component.

7.8
2023-02-11 CVE-2022-34387 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell products

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability.

7.8
2023-02-10 CVE-2023-24569 Dell Improper Input Validation vulnerability in Dell Alienware Command Center 5.4.35.0/5.5.37.0

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability.

7.8
2023-02-09 CVE-2023-0770 Gpac
Debian
Out-of-bounds Write vulnerability in multiple products

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.

7.8
2023-02-09 CVE-2023-21420 Samsung Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.

7.8
2023-02-09 CVE-2023-21421 Samsung Improper Privilege Management vulnerability in Samsung Android 10.0/11.0

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

7.8
2023-02-09 CVE-2023-21430 Samsung Out-of-bounds Read vulnerability in Samsung Android 10.0/11.0

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.

7.8
2023-02-09 CVE-2023-21432 Samsung Unspecified vulnerability in Samsung Smart Things

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

7.8
2023-02-09 CVE-2023-21433 Samsung Incorrect Default Permissions vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

7.8
2023-02-09 CVE-2023-21439 Samsung Improper Input Validation vulnerability in Samsung Android 12.0/13.0

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.

7.8
2023-02-09 CVE-2023-21445 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.

7.8
2023-02-09 CVE-2023-21451 Samsung Out-of-bounds Write vulnerability in Samsung Android 12.0

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.

7.8
2023-02-09 CVE-2023-0760 Gpac Heap-based Buffer Overflow vulnerability in Gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.

7.8
2023-02-09 CVE-2022-43440 Tribe29 Uncontrolled Search Path Element vulnerability in Tribe29 Checkmk

Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable

7.8
2023-02-08 CVE-2023-0249 Deltaww Out-of-bounds Write vulnerability in Deltaww Diascreen

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.

7.8
2023-02-08 CVE-2023-0250 Deltaww Stack-based Buffer Overflow vulnerability in Deltaww Diascreen

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

7.8
2023-02-08 CVE-2023-0251 Deltaww Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Diascreen

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.

7.8
2023-02-08 CVE-2022-38777 Elastic Improper Privilege Management vulnerability in Elastic Endgame and Endpoint Security

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

7.8
2023-02-08 CVE-2023-25396 Caphyon Unspecified vulnerability in Caphyon Advanced Installer

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files.

7.8
2023-02-08 CVE-2023-0002 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent.

7.8
2023-02-07 CVE-2022-31254 Opensuse Incorrect Default Permissions vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root.

7.8
2023-02-07 CVE-2023-22643 Opensuse OS Command Injection vulnerability in Opensuse Libzypp-Plugin-Appdata

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root.

7.8
2023-02-07 CVE-2023-23696 Dell Incorrect Authorization vulnerability in Dell Command | Intel Vpro OUT of Band

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability.

7.8
2023-02-06 CVE-2022-40196 Intel Unspecified vulnerability in Intel Oneapi Dpc++/C++ Compiler

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-06 CVE-2022-41342 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel C++ Compiler

Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-02-06 CVE-2022-48019 WFS Improper Privilege Management vulnerability in WFS Another Eden

The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.

7.8
2023-02-06 CVE-2022-25853 Semver Tags Project Unspecified vulnerability in Semver-Tags Project Semver-Tags

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.

7.8
2023-02-06 CVE-2022-25855 Create Choo App3 Project Unspecified vulnerability in Create-Choo-App3 Project Create-Choo-App3

All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.

7.8
2023-02-12 CVE-2020-36661 Konghq Unspecified vulnerability in Konghq Multipart 0.5.81

A vulnerability was found in Kong lua-multipart 0.5.8-1.

7.5
2023-02-12 CVE-2019-25103 Khanacademy Unspecified vulnerability in Khanacademy Simple-Markdown 0.5.1

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic.

7.5
2023-02-12 CVE-2019-25102 Khanacademy Unspecified vulnerability in Khanacademy Simple-Markdown 0.6.0

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0.

7.5
2023-02-12 CVE-2022-25728 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in modem due to buffer over-read while processing response from DNS server

7.5
2023-02-12 CVE-2022-25732 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in modem due to buffer over read in dns client due to missing length check

7.5
2023-02-12 CVE-2022-25733 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Denial of service in modem due to null pointer dereference while processing DNS packets

7.5
2023-02-12 CVE-2022-25734 Qualcomm Infinite Loop vulnerability in Qualcomm products

Denial of service in modem due to missing null check while processing IP packets with padding

7.5
2023-02-12 CVE-2022-25735 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

7.5
2023-02-12 CVE-2022-25738 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in modem due to buffer over-red while performing checksum of packet received

7.5
2023-02-12 CVE-2022-33229 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

7.5
2023-02-12 CVE-2022-33271 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

7.5
2023-02-12 CVE-2022-33306 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs.

7.5
2023-02-12 CVE-2022-34145 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN Host while parsing frame information.

7.5
2023-02-12 CVE-2022-34146 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation.

7.5
2023-02-12 CVE-2022-40502 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Transient DOS due to improper input validation in WLAN Host.

7.5
2023-02-12 CVE-2022-40512 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

7.5
2023-02-12 CVE-2022-40513 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.

7.5
2023-02-11 CVE-2022-34444 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Powerscale Onefs

Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability.

7.5
2023-02-10 CVE-2023-22832 Apache XXE vulnerability in Apache Nifi

The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.

7.5
2023-02-09 CVE-2023-23592 Wallix Unspecified vulnerability in Wallix Bastion Access Manager

WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.

7.5
2023-02-09 CVE-2023-23625 Protocol Resource Exhaustion vulnerability in Protocol Go-Unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag.

7.5
2023-02-09 CVE-2023-23626 Protocol Improper Validation of Specified Quantity in Input vulnerability in Protocol Go-Bitfield 1.0.0

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library.

7.5
2023-02-09 CVE-2023-23631 Protocol Resource Exhaustion vulnerability in Protocol Go-Unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing.

7.5
2023-02-09 CVE-2022-44566 Activerecord Project Unspecified vulnerability in Activerecord Project Activerecord

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1.

7.5
2023-02-09 CVE-2022-44570 Rack Project Unspecified vulnerability in Rack Project Rack

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0.

7.5
2023-02-09 CVE-2022-44571 Rack Project Unspecified vulnerability in Rack Project Rack

There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1.

7.5
2023-02-09 CVE-2022-44572 Rack Project Unspecified vulnerability in Rack Project Rack

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector.

7.5
2023-02-09 CVE-2023-22792 Rubyonrails Unspecified vulnerability in Rubyonrails Rails

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.

7.5
2023-02-09 CVE-2023-22795 Rubyonrails
Debian
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header.
7.5
2023-02-09 CVE-2023-22796 Activesupport Project Unspecified vulnerability in Activesupport Project Activesupport

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1.

7.5
2023-02-09 CVE-2023-22799 Rubyonrails Unspecified vulnerability in Rubyonrails Globalid

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time.

7.5
2023-02-09 CVE-2023-21419 Google Unspecified vulnerability in Google Android 12.0

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.

7.5
2023-02-09 CVE-2022-48286 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The multi-screen collaboration module has a privilege escalation vulnerability.

7.5
2023-02-09 CVE-2022-48287 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HwContacts module has a logic bypass vulnerability.

7.5
2023-02-09 CVE-2022-48288 Huawei Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos

The bundle management module lacks authentication and control mechanisms in some APIs.

7.5
2023-02-09 CVE-2022-48289 Huawei Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos

The bundle management module lacks authentication and control mechanisms in some APIs.

7.5
2023-02-09 CVE-2022-48294 Huawei Improper Authentication vulnerability in Huawei Emui and Harmonyos

The IHwAttestationService interface has a defect in authentication.

7.5
2023-02-09 CVE-2022-48295 Huawei Improper Preservation of Permissions vulnerability in Huawei Emui and Harmonyos

The IHwAntiMalPlugin interface lacks permission verification.

7.5
2023-02-09 CVE-2022-48297 Huawei Improper Validation of Specified Quantity in Input vulnerability in Huawei Emui and Harmonyos

The geofencing kernel code has a vulnerability of not verifying the length of the input data.

7.5
2023-02-09 CVE-2022-48298 Huawei Improper Validation of Specified Quantity in Input vulnerability in Huawei Emui and Harmonyos

The geofencing kernel code does not verify the length of the input data.

7.5
2023-02-09 CVE-2022-48299 Huawei Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos

The WMS module lacks the authentication mechanism in some APIs.

7.5
2023-02-09 CVE-2022-48300 Huawei Missing Authentication for Critical Function vulnerability in Huawei Emui and Harmonyos

The WMS module lacks the authentication mechanism in some APIs.

7.5
2023-02-09 CVE-2022-48301 Huawei Improper Preservation of Permissions vulnerability in Huawei Emui and Harmonyos

The bundle management module lacks permission verification in some APIs.

7.5
2023-02-09 CVE-2022-48302 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

7.5
2023-02-08 CVE-2022-34350 IBM Improper Input Validation vulnerability in IBM API Connect

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input.

7.5
2023-02-08 CVE-2022-4450 Openssl
Stormshield
Double Free vulnerability in multiple products

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g.

7.5
2023-02-08 CVE-2023-0215 Openssl
Stormshield
Use After Free vulnerability in multiple products

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO.

7.5
2023-02-08 CVE-2023-0216 Openssl
Stormshield
NULL Pointer Dereference vulnerability in multiple products

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack.

7.5
2023-02-08 CVE-2023-0217 Openssl NULL Pointer Dereference vulnerability in Openssl

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function.

7.5
2023-02-08 CVE-2023-0401 Openssl
Stormshield
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data.

7.5
2023-02-08 CVE-2023-25151 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Opentelemetry-Go Contrib 0.38.0

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go.

7.5
2023-02-08 CVE-2023-25164 Tina Information Exposure Through Log Files vulnerability in Tina Tinacms

Tinacms is a Git-backed headless content management system with support for visual editing.

7.5
2023-02-08 CVE-2022-43763 BR Automation Unchecked Return Value vulnerability in Br-Automation Industrial Automation Aprol

Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.

7.5
2023-02-08 CVE-2022-43765 BR Automation Unchecked Return Value vulnerability in Br-Automation Industrial Automation Aprol

B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.

7.5
2023-02-08 CVE-2022-43761 BR Automation Missing Authentication for Critical Function vulnerability in Br-Automation Industrial Automation Aprol

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. 

7.5
2023-02-07 CVE-2021-37492 Ravencoin Unspecified vulnerability in Ravencoin

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function.

7.5
2023-02-07 CVE-2022-46663 GNU
Fedoraproject
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
7.5
2023-02-07 CVE-2023-0705 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page.

7.5
2023-02-07 CVE-2022-46285 X ORG Unspecified vulnerability in X.Org Libxpm

A flaw was found in libXpm.

7.5
2023-02-07 CVE-2022-24990 Terra Master Missing Authentication for Critical Function vulnerability in Terra-Master Terramaster Operating System

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

7.5
2023-02-07 CVE-2022-40224 Moxa Unspecified vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

7.5
2023-02-07 CVE-2022-40693 Moxa Cleartext Transmission of Sensitive Information vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

7.5
2023-02-07 CVE-2021-37491 Dogecoin Unspecified vulnerability in Dogecoin

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.

7.5
2023-02-07 CVE-2022-43756 Suse Injection vulnerability in Suse Wrangler

A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials.

7.5
2023-02-07 CVE-2023-24827 Anchore Information Exposure Through Log Files vulnerability in Anchore Syft 0.69.0/0.69.1

syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.

7.5
2023-02-06 CVE-2022-44617 X ORG Infinite Loop vulnerability in X.Org Libxpm

A flaw was found in libXpm.

7.5
2023-02-06 CVE-2021-31576 Mediatek Missing Authorization vulnerability in Mediatek En7528 Firmware and En7580 Firmware

In Boa, there is a possible information disclosure due to a missing permission check.

7.5
2023-02-06 CVE-2022-48166 Wavlink Missing Authorization vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.201217

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

7.5
2023-02-06 CVE-2023-25016 Couchbase Cleartext Transmission of Sensitive Information vulnerability in Couchbase Server

Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.

7.5
2023-02-06 CVE-2022-32663 Mediatek NULL Pointer Dereference vulnerability in Mediatek products

In Wi-Fi driver, there is a possible system crash due to null pointer dereference.

7.5
2023-02-06 CVE-2022-44343 Crmeb Files or Directories Accessible to External Parties vulnerability in Crmeb 4.4.4

CRMEB 4.4.4 is vulnerable to Any File download.

7.5
2023-02-06 CVE-2022-48164 Wavlink Unspecified vulnerability in Wavlink Wl-Wn533A8 Firmware M33A8.V5030.190716

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.

7.5
2023-02-08 CVE-2023-0286 Openssl
Stormshield
Type Confusion vulnerability in multiple products

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.

7.4
2023-02-07 CVE-2022-31611 Nvidia Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched.

7.3
2023-02-06 CVE-2022-38136 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Dpc++/C++ Compiler

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-11 CVE-2022-34447 Dell OS Command Injection vulnerability in Dell Powerpath Management Appliance

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability.

7.2
2023-02-09 CVE-2023-24684 Churchcrm SQL Injection vulnerability in Churchcrm

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.

7.2
2023-02-09 CVE-2023-24685 Churchcrm SQL Injection vulnerability in Churchcrm

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.

7.2
2023-02-07 CVE-2022-38547 Zyxel OS Command Injection vulnerability in Zyxel products

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

7.2
2023-02-06 CVE-2022-4489 Pluginus Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce

The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

7.2
2023-02-06 CVE-2023-0669 Fortra Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

7.2
2023-02-11 CVE-2022-34388 Dell Cleartext Storage of Sensitive Information vulnerability in Dell products

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability.

7.1
2023-02-10 CVE-2023-23698 Dell Unspecified vulnerability in Dell Alienware Update and Command Update

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component.

7.1
2023-02-10 CVE-2023-24573 Dell Unspecified vulnerability in Dell Command | Monitor

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation.

7.1
2023-02-08 CVE-2023-0690 Hashicorp Missing Encryption of Sensitive Data vulnerability in Hashicorp Boundary

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS.

7.1
2023-02-12 CVE-2022-43779 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure.

7.0
2023-02-10 CVE-2023-24816 Ipython OS Command Injection vulnerability in Ipython

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language.

7.0

291 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-08 CVE-2023-0739 Answer Race Condition vulnerability in Answer

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4.

6.8
2023-02-07 CVE-2022-43758 Suse OS Command Injection vulnerability in Suse Rancher

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

6.8
2023-02-12 CVE-2022-47339 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In cmd services, there is a OS command injection issue due to missing permission check.

6.7
2023-02-12 CVE-2022-47341 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

6.7
2023-02-11 CVE-2022-34450 Dell Unspecified vulnerability in Dell Powerpath Management Appliance 3.3

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability.

6.7
2023-02-10 CVE-2022-34377 Dell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability.

6.7
2023-02-10 CVE-2022-34454 Dell Out-of-bounds Write vulnerability in Dell EMC Powerscale Onefs 9.1.0.0/9.2.1.0/9.3.0.0

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow.

6.7
2023-02-08 CVE-2023-0001 Paloaltonetworks Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Cortex XDR Agent 7.5/7.5.101

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent.

6.7
2023-02-06 CVE-2022-32654 Mediatek Unspecified vulnerability in Mediatek products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-02-06 CVE-2022-32655 Mediatek Improper Handling of Exceptional Conditions vulnerability in Mediatek products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-02-06 CVE-2022-32656 Mediatek Unspecified vulnerability in Mediatek products

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling.

6.7
2023-02-06 CVE-2023-20602 Google Integer Overflow or Wraparound vulnerability in Google Android

In ged, there is a possible out of bounds write due to an integer overflow.

6.7
2023-02-06 CVE-2023-20604 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In ged, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-02-06 CVE-2023-20612 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-02-06 CVE-2023-20613 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-02-06 CVE-2023-20614 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-02-06 CVE-2023-20615 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-02-06 CVE-2023-20616 Google Type Confusion vulnerability in Google Android 11.0/12.0

In ion, there is a possible out of bounds read due to type confusion.

6.7
2023-02-06 CVE-2023-20618 Google Improper Locking vulnerability in Google Android 11.0/12.0/13.0

In vcu, there is a possible memory corruption due to improper locking.

6.7
2023-02-06 CVE-2023-20619 Google Improper Locking vulnerability in Google Android 11.0/12.0/13.0

In vcu, there is a possible memory corruption due to improper locking.

6.7
2023-02-12 CVE-2022-42444 IBM Classic Buffer Overflow vulnerability in IBM APP Connect Enterprise

IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow.

6.5
2023-02-12 CVE-2022-43869 IBM Use of Externally-Controlled Format String vulnerability in IBM Elastic Storage System and Spectrum Scale

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.

6.5
2023-02-12 CVE-2022-45085 Gruparge Server-Side Request Forgery (SSRF) vulnerability in Gruparge Smartpower web

Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.

6.5
2023-02-12 CVE-2023-0661 Devolutions Unspecified vulnerability in Devolutions Server

Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.

6.5
2023-02-11 CVE-2022-46754 Dell Unspecified vulnerability in Dell Wyse Management Suite

Wyse Management Suite 3.8 and below contain an improper access control vulnerability.

6.5
2023-02-10 CVE-2022-34366 Dell Incorrect Comparison vulnerability in Dell Supportassist for Home PCS

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability.

6.5
2023-02-09 CVE-2023-21427 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.

6.5
2023-02-09 CVE-2022-48292 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

The Bluetooth module has an out-of-memory (OOM) vulnerability.

6.5
2023-02-09 CVE-2022-48293 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos

The Bluetooth module has an OOM vulnerability.

6.5
2023-02-08 CVE-2022-38778 Elastic
Decode URI Component Project
Improper Input Validation vulnerability in multiple products

A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.

6.5
2023-02-08 CVE-2023-25163 Linuxfoundation Information Exposure Through Log Files vulnerability in Linuxfoundation Argo Continuous Delivery 2.6.0

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

6.5
2023-02-08 CVE-2023-0751 Freebsd Unspecified vulnerability in Freebsd 12.3/12.4/13.1

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file.

6.5
2023-02-08 CVE-2023-25166 Hapi Unspecified vulnerability in Hapi Formula

formula is a math and string formula parser.

6.5
2023-02-08 CVE-2023-0003 Paloaltonetworks
Fedoraproject
Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

6.5
2023-02-08 CVE-2022-40480 Microchip
Nordicsemi
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.
6.5
2023-02-08 CVE-2022-45191 Microchip Improper Validation of Integrity Check Value vulnerability in Microchip Rn4870 Firmware 1.43

An issue was discovered on Microchip RN4870 1.43 devices.

6.5
2023-02-08 CVE-2022-45192 Microchip Unspecified vulnerability in Microchip Rn4870 Firmware 1.43

An issue was discovered on Microchip RN4870 1.43 devices.

6.5
2023-02-07 CVE-2023-0735 Wallabag Cross-Site Request Forgery (CSRF) vulnerability in Wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

6.5
2023-02-07 CVE-2023-0697 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page.

6.5
2023-02-07 CVE-2023-0700 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2023-02-07 CVE-2023-0704 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page.

6.5
2023-02-07 CVE-2023-23931 Cryptography Project Improper Check for Unusual or Exceptional Conditions vulnerability in Cryptography Project Cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

6.5
2023-02-07 CVE-2023-24808 Pdfio Project Infinite Loop vulnerability in Pdfio Project Pdfio 1.0/1.0.0/1.0.1

PDFio is a C library for reading and writing PDF files.

6.5
2023-02-06 CVE-2022-44267 Imagemagick Improper Resource Shutdown or Release vulnerability in Imagemagick 7.1.049

ImageMagick 7.1.0-49 is vulnerable to Denial of Service.

6.5
2023-02-06 CVE-2022-44268 Imagemagick Unspecified vulnerability in Imagemagick 7.1.049

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure.

6.5
2023-02-06 CVE-2022-4384 XWP Unspecified vulnerability in XWP Stream

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

6.5
2023-02-06 CVE-2023-23944 Nextcloud Cleartext Storage of Sensitive Information vulnerability in Nextcloud Mail

Nextcloud mail is an email app for the nextcloud home server platform.

6.5
2023-02-06 CVE-2022-27628 Wzone Project Cross-Site Request Forgery (CSRF) vulnerability in Wzone Project Wzone 3.1

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.

6.5
2023-02-06 CVE-2022-32642 Google Improper Synchronization vulnerability in Google Android 12.0

In ccd, there is a possible memory corruption due to a race condition.

6.4
2023-02-06 CVE-2022-32643 Google Improper Synchronization vulnerability in Google Android 12.0

In ccd, there is a possible use after free due to a race condition.

6.4
2023-02-06 CVE-2023-20607 Google Improper Synchronization vulnerability in Google Android 11.0/12.0

In ccu, there is a possible memory corruption due to a race condition.

6.4
2023-02-06 CVE-2023-20608 Google Use After Free vulnerability in Google Android 11.0/12.0/13.0

In display drm, there is a possible use after free due to a race condition.

6.4
2023-02-06 CVE-2023-20610 Google Improper Synchronization vulnerability in Google Android 11.0/12.0/13.0

In display drm, there is a possible memory corruption due to a race condition.

6.4
2023-02-06 CVE-2023-20611 Google Improper Synchronization vulnerability in Google Android 12.0/13.0

In gpu, there is a possible use after free due to a race condition.

6.4
2023-02-12 CVE-2015-10078 Resend Welcome Email Project Cross-site Scripting vulnerability in Resend Welcome Email Project Resend Welcome Email 1.0.1

A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress.

6.1
2023-02-12 CVE-2022-45087 Gruparge Cross-site Scripting vulnerability in Gruparge Smartpower web

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01.

6.1
2023-02-10 CVE-2022-44261 Averydennison Cross-site Scripting vulnerability in Averydennison Monarch Printer M9855 Firmware 2011.06.02

Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS).

6.1
2023-02-10 CVE-2023-23161 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul ART Gallery Management System 1.0

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.

6.1
2023-02-10 CVE-2023-23286 Farsight Cross-site Scripting vulnerability in Farsight Provide Server 14.4

Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.

6.1
2023-02-09 CVE-2022-21939 Johnsoncontrols Incorrect Permission Assignment for Critical Resource vulnerability in Johnsoncontrols Metasys System Configuration Tool

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

6.1
2023-02-09 CVE-2022-21940 Johnsoncontrols Missing Encryption of Sensitive Data vulnerability in Johnsoncontrols Metasys System Configuration Tool

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.

6.1
2023-02-09 CVE-2023-22797 Rubyonrails
Actionpack Project
Open Redirect vulnerability in multiple products

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input.

6.1
2023-02-09 CVE-2023-22798 Brave Open Redirect vulnerability in Brave Adblock-Lists

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes.

6.1
2023-02-09 CVE-2023-24322 Mojoportal Cross-site Scripting vulnerability in Mojoportal 2.7.0.0

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.

6.1
2023-02-09 CVE-2023-21434 Samsung Cross-site Scripting vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

6.1
2023-02-09 CVE-2023-0624 Orangescrum Cross-site Scripting vulnerability in Orangescrum 2.0.11

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application.

6.1
2023-02-08 CVE-2023-0748 Btcpayserver Open Redirect vulnerability in Btcpayserver

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

6.1
2023-02-08 CVE-2022-2094 Yellowyard Unspecified vulnerability in Yellowyard Yellow Yard Searchbar

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting

6.1
2023-02-07 CVE-2023-23011 Invoiceplane Cross-site Scripting vulnerability in Invoiceplane 1.6.0

Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php.

6.1
2023-02-07 CVE-2023-23026 Simple Sales Management System Project Cross-site Scripting vulnerability in Simple Sales Management System Project Simple Sales Management System 1.0

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.

6.1
2023-02-07 CVE-2023-0732 Online Eyewear Shop Project Cross-site Scripting vulnerability in Online Eyewear Shop Project Online Eyewear Shop 1.0

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic.

6.1
2023-02-07 CVE-2023-24814 Typo3 Cross-site Scripting vulnerability in Typo3

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License.

6.1
2023-02-07 CVE-2015-10075 Custom Content Width Project Cross-site Scripting vulnerability in Custom-Content-Width Project Custom-Content-Width 1.0

A vulnerability was found in Custom-Content-Width 1.0.

6.1
2023-02-07 CVE-2022-21948 Opensuse Cross-site Scripting vulnerability in Opensuse Paste

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files.

6.1
2023-02-07 CVE-2015-10074 Openseamap Cross-site Scripting vulnerability in Openseamap Online Chart 1.2

A vulnerability was found in OpenSeaMap online_chart 1.2.

6.1
2023-02-07 CVE-2022-45441 Zyxel Cross-site Scripting vulnerability in Zyxel Nbg-418N Firmware 1.00(Aadz.3)C0/1.00(Aarp.10)C0

A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device.

6.1
2023-02-06 CVE-2022-28923 Caddyserver Open Redirect vulnerability in Caddyserver Caddy 2.4.6

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

6.1
2023-02-06 CVE-2023-23849 Synopsys Cross-site Scripting vulnerability in Synopsys Coverity

Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability.

6.1
2023-02-06 CVE-2023-23942 Nextcloud Cross-site Scripting vulnerability in Nextcloud Desktop

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer.

6.1
2023-02-06 CVE-2017-20177 Wangguard Project Cross-site Scripting vulnerability in Wangguard Project Wangguard 1.8.0

A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress.

6.1
2023-02-06 CVE-2022-4321 Wpswings Unspecified vulnerability in Wpswings PDF Generator for Wordpress

The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin

6.1
2023-02-06 CVE-2023-0236 Themeum Unspecified vulnerability in Themeum Tutor LMS

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-02-06 CVE-2022-4902 Exoplatform Cross-site Scripting vulnerability in Exoplatform Chat Application

A vulnerability classified as problematic has been found in eXo Chat Application.

6.1
2023-02-06 CVE-2023-24191 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.

6.1
2023-02-06 CVE-2023-24192 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.

6.1
2023-02-06 CVE-2023-24194 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.

6.1
2023-02-06 CVE-2023-24195 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.

6.1
2023-02-06 CVE-2023-24197 Online Food Ordering System Project Cross-site Scripting vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.

6.1
2023-02-06 CVE-2022-29416 Afterpay Cross-site Scripting vulnerability in Afterpay Gateway for Woocommerce

Unauth.

6.1
2023-02-06 CVE-2022-45722 Gzwhir Cross-site Scripting vulnerability in Gzwhir Ezeip 5.3.0(0649)

ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.

6.1
2023-02-06 CVE-2017-20176 Share ON Diaspora Project Cross-site Scripting vulnerability in Share on Diaspora Project Share on Diaspora 0.7.9

A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9.

6.1
2023-02-11 CVE-2022-34404 Dell Improper Certificate Validation vulnerability in Dell System Update 1.9/1.9.1

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module.

6.0
2023-02-11 CVE-2022-34449 Dell Use of Hard-coded Credentials vulnerability in Dell Powerpath Management Appliance 3.2/3.3

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability.

6.0
2023-02-09 CVE-2022-43552 Haxx
Apple
Use After Free vulnerability in multiple products

A use after free vulnerability exists in curl <7.87.0.

5.9
2023-02-08 CVE-2022-4304 Openssl
Stormshield
Information Exposure Through Discrepancy vulnerability in multiple products

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.

5.9
2023-02-06 CVE-2022-46496 Bticino Improper Certificate Validation vulnerability in Bticino Door Entry for Hometouch

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.

5.9
2023-02-08 CVE-2023-25150 Nextcloud Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Richdocuments

Nextcloud office/richdocuments is an office suit for the nextcloud server platform.

5.7
2023-02-08 CVE-2023-25167 Discourse Unspecified vulnerability in Discourse

Discourse is an open source discussion platform.

5.7
2023-02-12 CVE-2022-33216 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.

5.5
2023-02-12 CVE-2022-33221 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests.

5.5
2023-02-12 CVE-2022-38674 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-38675 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In gpu driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-02-12 CVE-2022-38680 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-38681 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-38686 Google Unspecified vulnerability in Google Android 10.0/11.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-42783 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-44421 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-44447 Google NULL Pointer Dereference vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check.

5.5
2023-02-12 CVE-2022-44448 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47322 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47323 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47324 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47325 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47326 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47327 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47328 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47329 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47330 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47332 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47333 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47342 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47343 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47344 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47345 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47346 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47347 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47348 Google Improper Validation of Array Index vulnerability in Google Android 10.0/11.0

In engineermode services, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47354 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47355 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47356 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47357 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47358 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47359 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47360 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In log service, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47363 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible out of bounds read due to a missing bounds check.

5.5
2023-02-12 CVE-2022-47364 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-02-12 CVE-2022-47365 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-02-12 CVE-2022-47366 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-02-12 CVE-2022-47367 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In bluetooth driver, there is a missing permission check.

5.5
2023-02-12 CVE-2022-47368 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47369 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47370 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47371 Google Use After Free vulnerability in Google Android 10.0/11.0/12.0

In bt driver, there is a thread competition leads to early release of resources to be accessed.

5.5
2023-02-12 CVE-2022-47450 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing permission check.

5.5
2023-02-12 CVE-2022-47451 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-02-12 CVE-2022-47452 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In gnss driver, there is a possible out of bounds write due to a missing bounds check.

5.5
2023-02-11 CVE-2022-34385 Dell Inadequate Encryption Strength vulnerability in Dell products

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability.

5.5
2023-02-11 CVE-2022-34386 Dell Use of Hard-coded Credentials vulnerability in Dell products

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability.

5.5
2023-02-11 CVE-2022-34392 Dell Insufficient Session Expiration vulnerability in Dell Supportassist for Home PCS

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability.

5.5
2023-02-10 CVE-2022-34376 Dell Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability.

5.5
2023-02-09 CVE-2023-21422 Samsung Incorrect Authorization vulnerability in Samsung Android 11.0/12.0

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.

5.5
2023-02-09 CVE-2023-21423 Samsung Incorrect Authorization vulnerability in Samsung Android 12.0/13.0

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.

5.5
2023-02-09 CVE-2023-21425 Samsung Improper Authentication vulnerability in Samsung Android 10.0/11.0

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

5.5
2023-02-09 CVE-2023-21426 Samsung Use of Hard-coded Credentials vulnerability in Samsung Android 10.0

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

5.5
2023-02-09 CVE-2023-21435 Samsung Information Exposure Through Log Files vulnerability in Samsung Android 11.0/12.0

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.

5.5
2023-02-09 CVE-2023-21437 Samsung Improper Authentication vulnerability in Samsung Android 10.0/11.0

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

5.5
2023-02-09 CVE-2023-21440 Samsung Inclusion of Functionality from Untrusted Control Sphere vulnerability in Samsung Android 13.0

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.

5.5
2023-02-09 CVE-2023-21441 Samsung Insufficient Verification of Data Authenticity vulnerability in Samsung Android 10.0/11.0

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

5.5
2023-02-09 CVE-2023-21442 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.

5.5
2023-02-09 CVE-2023-21446 Samsung Improper Input Validation vulnerability in Samsung Android 11.0/12.0

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.

5.5
2023-02-08 CVE-2022-35720 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM products

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information.

5.5
2023-02-07 CVE-2022-42291 Nvidia Link Following vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering.

5.5
2023-02-06 CVE-2023-0615 Linux Memory Leak vulnerability in Linux Kernel

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality.

5.5
2023-02-12 CVE-2023-0787 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

5.4
2023-02-12 CVE-2023-0791 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

5.4
2023-02-12 CVE-2023-0792 Phpmyfaq Code Injection vulnerability in PHPmyfaq

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

5.4
2023-02-12 CVE-2023-0794 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

5.4
2023-02-12 CVE-2022-38657 Hcltech Open Redirect vulnerability in Hcltech HCL Leap

An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.

5.4
2023-02-12 CVE-2022-45086 Gruparge Cross-site Scripting vulnerability in Gruparge Smartpower web

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01.

5.4
2023-02-12 CVE-2022-45091 Gruparge Cross-site Scripting vulnerability in Gruparge Smartpower web

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.

5.4
2023-02-11 CVE-2023-0780 Agentejo Improper Restriction of Rendered UI Layers or Frames vulnerability in Agentejo Cockpit

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

5.4
2023-02-09 CVE-2023-24690 Churchcrm Cross-site Scripting vulnerability in Churchcrm

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.

5.4
2023-02-09 CVE-2023-24687 Mojoportal Cross-site Scripting vulnerability in Mojoportal 2.7.0.0

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component.

5.4
2023-02-08 CVE-2022-45755 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.0

Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.

5.4
2023-02-08 CVE-2023-0747 Btcpayserver Cross-site Scripting vulnerability in Btcpayserver

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

5.4
2023-02-07 CVE-2022-47418 Logicaldoc Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.

5.4
2023-02-07 CVE-2023-0731 Interactive GEO Maps Project Unspecified vulnerability in Interactive GEO Maps Project Interactive GEO Maps

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-02-07 CVE-2023-0736 Wallabag Cross-site Scripting vulnerability in Wallabag

Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.

5.4
2023-02-07 CVE-2022-47413 Openkm Cross-site Scripting vulnerability in Openkm 6.3.12

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.

5.4
2023-02-07 CVE-2022-47414 Openkm Cross-site Scripting vulnerability in Openkm 6.3.12

If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.

5.4
2023-02-07 CVE-2022-47415 Logicaldoc Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies).

5.4
2023-02-07 CVE-2022-47416 Logicaldoc Cross-site Scripting vulnerability in Logicaldoc 8.8.2

LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system.

5.4
2023-02-07 CVE-2022-47417 Logicaldoc Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.

5.4
2023-02-07 CVE-2022-47419 Mayan Edms Cross-site Scripting vulnerability in Mayan-Edms Mayan Edms 4.3.3

An XSS vulnerability was discovered in the Mayan EDMS DMS.

5.4
2023-02-07 CVE-2022-47412 Onlyoffice Cross-site Scripting vulnerability in Onlyoffice Workspace

Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition.

5.4
2023-02-07 CVE-2022-41311 Moxa Cross-site Scripting vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

5.4
2023-02-07 CVE-2022-41312 Moxa Cross-site Scripting vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

5.4
2023-02-07 CVE-2022-41313 Moxa Cross-site Scripting vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

5.4
2023-02-06 CVE-2022-4459 WP Show Posts Project Unspecified vulnerability in WP Show Posts Project WP Show Posts

The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4577 Goldplugins Cross-site Scripting vulnerability in Goldplugins Easy Testimonials

The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4626 Passwordprotectwp Unspecified vulnerability in Passwordprotectwp Password Protect Wordpress

The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4657 Oracle Unspecified vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2022-4664 Logichunt Unspecified vulnerability in Logichunt Logo Slider

The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2022-4670 PDF JS Viewer Project Unspecified vulnerability in Pdf.Js Viewer Project Pdf.Js Viewer

The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2022-4674 Vowelweb Unspecified vulnerability in Vowelweb Ibtana

The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack

5.4
2023-02-06 CVE-2022-4677 Mapsmarker Unspecified vulnerability in Mapsmarker Leaflet Maps Marker

The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4
2023-02-06 CVE-2022-4717 Machothemes Unspecified vulnerability in Machothemes Strong Testimonials

The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4747 Essentialplugin Unspecified vulnerability in Essentialplugin Download Post Category Image With Grid and Slider

The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4756 MY Youtube Channel Project Unspecified vulnerability in MY Youtube Channel Project MY Youtube Channel 3.0.12.1

The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4762 Extendthemes Unspecified vulnerability in Extendthemes Materialis Companion

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4824 Essentialplugin Cross-site Scripting vulnerability in Essentialplugin WP Blog and Widget

The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4825 Download WP Showhide Project Unspecified vulnerability in Download Wp-Showhide Project Download Wp-Showhide

The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4826 Simple Tooltips Project Unspecified vulnerability in Simple Tooltips Project Simple Tooltips

The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2022-4833 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4836 Pickplugins Unspecified vulnerability in Pickplugins Breadcrumb

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2022-4838 Codection Cross-site Scripting vulnerability in Codection Clean Login

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2023-0062 Wpfactory Unspecified vulnerability in Wpfactory EAN for Woocommerce

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0070 Responsivevoice Unspecified vulnerability in Responsivevoice Text to Speech

The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0072 Wcvendors Unspecified vulnerability in Wcvendors WC Vendors Marketplace

The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0081 Monsterinsights Unspecified vulnerability in Monsterinsights

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0082 Exactmetrics Unspecified vulnerability in Exactmetrics

The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0095 A3Rev Unspecified vulnerability in A3Rev Page View Count

The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0096 Happyforms Unspecified vulnerability in Happyforms

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0143 Send PDF FOR Contact Form 7 Project Unspecified vulnerability in Send PDF for Contact Form 7 Project Send PDF for Contact Form 7

The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-06 CVE-2023-0144 Mage People Cross-site Scripting vulnerability in Mage-People Event Manager and Tickets Selling for Woocommerce

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0146 Naver MAP Project Unspecified vulnerability in Naver MAP Project Naver MAP

The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0147 Flexible Captcha Project Unspecified vulnerability in Flexible Captcha Project Flexible Captcha

The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2023-0148 Vilyon Unspecified vulnerability in Vilyon Gallery Factory Lite

The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0149 Wordprezi Project Unspecified vulnerability in Wordprezi Project Wordprezi

The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2023-0150 Cloak Front END Email Project Unspecified vulnerability in Cloak Front END Email Project Cloak Front END Email

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2023-0153 Vimeo Video Autoplay Automute Project Unspecified vulnerability in Vimeo Video Autoplay Automute Project Vimeo Video Autoplay Automute

The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0154 Gamipress Unspecified vulnerability in Gamipress

The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0170 Bplugins Unspecified vulnerability in Bplugins Html5 Audio Player 2.1.3

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0171 Twinpictures Unspecified vulnerability in Twinpictures Jquery T(-) Countdown Widget

The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0173 Getwpfunnels Unspecified vulnerability in Getwpfunnels Drag & Drop Sales Funnel Builder

The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0174 Rextheme Cross-site Scripting vulnerability in Rextheme WP VR

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0176 Rafflepress Unspecified vulnerability in Rafflepress Giveaways and Contests BY Rafflepress

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0178 Twinpictures Unspecified vulnerability in Twinpictures Annual Archive

The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2023-0252 Webberzone Unspecified vulnerability in Webberzone Contextual Related Posts

The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-06 CVE-2023-0282 Plugin Unspecified vulnerability in Plugin Yourchannel

The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

5.4
2023-02-06 CVE-2022-48085 Softr Cross-site Scripting vulnerability in Softr 2.0

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.

5.4
2023-02-11 CVE-2022-34389 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component.

5.3
2023-02-11 CVE-2022-46675 Dell Information Exposure Through an Error Message vulnerability in Dell Wyse Management Suite

Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability.

5.3
2023-02-10 CVE-2018-7935 Huawei Unspecified vulnerability in Huawei E5573Cs-322 Firmware 21.328.01.00.00

There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322.

5.3
2023-02-09 CVE-2023-24688 Mojoportal Unspecified vulnerability in Mojoportal 2.7.0.0

An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.

5.3
2023-02-09 CVE-2023-24815 Eclipse Path Traversal vulnerability in Eclipse Vert.X-Web

Vert.x-Web is a set of building blocks for building web applications in the java programming language.

5.3
2023-02-09 CVE-2022-30564 Dahuasecurity Unspecified vulnerability in Dahuasecurity products

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp.

5.3
2023-02-09 CVE-2022-48296 Huawei Improper Preservation of Permissions vulnerability in Huawei Emui and Harmonyos

The SystemUI has a vulnerability in permission management.

5.3
2023-02-08 CVE-2022-45190 Microchip Missing Authentication for Critical Function vulnerability in Microchip Rn4870 Firmware 1.43

An issue was discovered on Microchip RN4870 1.43 devices.

5.3
2023-02-07 CVE-2022-40691 Moxa Unspecified vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.

5.3
2023-02-11 CVE-2022-46676 Dell Unspecified vulnerability in Dell Wyse Management Suite

Wyse Management Suite 3.8 and below contain an improper access control vulnerability.

4.9
2023-02-11 CVE-2022-46677 Dell Unspecified vulnerability in Dell Wyse Management Suite

Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized.

4.9
2023-02-11 CVE-2022-46678 Dell Unspecified vulnerability in Dell Wyse Management Suite

Wyse Management Suite 3.8 and below contain an improper access control vulnerability.

4.9
2023-02-11 CVE-2022-46755 Dell Unspecified vulnerability in Dell Wyse Management Suite

Wyse Management Suite 3.8 and below contain an improper access control vulnerability.

4.9
2023-02-10 CVE-2022-46650 Sierrawireless Information Exposure vulnerability in Sierrawireless Aleos

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

4.9
2023-02-06 CVE-2022-42439 IBM Information Exposure Through Log Files vulnerability in IBM products

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker.

4.9
2023-02-06 CVE-2022-42950 Couchbase Unspecified vulnerability in Couchbase Server

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2.

4.9
2023-02-12 CVE-2023-0786 Phpmyfaq Cross-site Scripting vulnerability in PHPmyfaq

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

4.8
2023-02-11 CVE-2022-34451 Dell Cross-site Scripting vulnerability in Dell Powerpath Management Appliance

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability.

4.8
2023-02-10 CVE-2022-33934 Dell Cross-site Scripting vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities.

4.8
2023-02-10 CVE-2023-24230 Formwork Project Cross-site Scripting vulnerability in Formwork Project Formwork 1.12.1

A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.

4.8
2023-02-10 CVE-2023-24231 Inventory Management System Project Cross-site Scripting vulnerability in Inventory Management System Project Inventory Management System 1.0

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter.

4.8
2023-02-10 CVE-2023-24232 Inventory Management System Project Cross-site Scripting vulnerability in Inventory Management System Project Inventory Management System 1.0

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

4.8
2023-02-10 CVE-2023-24233 Inventory Management System Project Cross-site Scripting vulnerability in Inventory Management System Project Inventory Management System 1.0

A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.

4.8
2023-02-10 CVE-2023-24234 Inventory Management System Project Cross-site Scripting vulnerability in Inventory Management System Project Inventory Management System 1.0

A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.

4.8
2023-02-09 CVE-2023-24686 Churchcrm Cross-site Scripting vulnerability in Churchcrm

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file.

4.8
2023-02-12 CVE-2022-47331 Google Race Condition vulnerability in Google Android 10.0/11.0

In wlan driver, there is a race condition.

4.7
2023-02-08 CVE-2022-34362 IBM Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 6.0.3

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

4.6
2023-02-08 CVE-2023-23475 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.7

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting.

4.6
2023-02-07 CVE-2023-22735 Zulip Interpretation Conflict vulnerability in Zulip Server 20230109

Zulip is an open-source team collaboration tool.

4.6
2023-02-11 CVE-2022-34445 Dell Insufficiently Protected Credentials vulnerability in Dell Powerscale Onefs

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password.

4.4
2023-02-10 CVE-2022-34364 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell Bsafe Ssl-J

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability.

4.4
2023-02-06 CVE-2022-32595 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In widevine, there is a possible out of bounds read due to an incorrect bounds check.

4.4
2023-02-06 CVE-2023-20605 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-02-06 CVE-2023-20606 Google Improper Input Validation vulnerability in Google Android 12.0/12.1

In apusys, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-02-06 CVE-2023-20609 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In ccu, there is a possible out of bounds read due to a logic error.

4.4
2023-02-09 CVE-2023-24689 Mojoportal Path Traversal vulnerability in Mojoportal 2.7.0.0

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx

4.3
2023-02-08 CVE-2023-25165 Helm Information Exposure vulnerability in Helm

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3.

4.3
2023-02-08 CVE-2023-0684 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0685 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0711 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0715 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0716 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0717 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0720 Wickedplugins Missing Authorization vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0722 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0724 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0725 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0726 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-08 CVE-2023-0718 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0712 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0719 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0723 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0727 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0730 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0713 Wickedplugins Missing Authorization vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2023-0728 Wickedplugins Unspecified vulnerability in Wickedplugins Wicked Folders

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16.

4.3
2023-02-07 CVE-2022-45854 Zyxel Improper Check for Unusual or Exceptional Conditions vulnerability in Zyxel products

An improper check for unusual conditions in Zyxel NWA110AX firmware verisons prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker.

4.3
2023-02-06 CVE-2023-23943 Nextcloud Server-Side Request Forgery (SSRF) vulnerability in Nextcloud Mail

Nextcloud mail is an email app for the nextcloud home server platform.

4.3
2023-02-06 CVE-2020-36660 EVE Ship Replacement Program Project Unspecified vulnerability in EVE Ship Replacement Program Project EVE Ship Replacement Program 0.12.11

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11.

4.3
2023-02-10 CVE-2022-24410 Dell Cleartext Storage of Sensitive Information vulnerability in Dell products

Dell BIOS contains an information exposure vulnerability.

4.2

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-12 CVE-2023-0785 Best Online News Portal Project Unspecified vulnerability in Best Online News Portal Project Best Online News Portal 1.0

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0.

3.7
2023-02-12 CVE-2022-42436 IBM Unspecified vulnerability in IBM MQ

IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files.

3.3
2023-02-09 CVE-2023-21424 Samsung Incorrect Authorization vulnerability in Samsung Android 11.0/12.0

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.

3.3
2023-02-09 CVE-2023-21428 Samsung Improper Input Validation vulnerability in Samsung Android 11.0/12.0

Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.

3.3
2023-02-09 CVE-2023-21429 Samsung Unspecified vulnerability in Samsung Android 10.0/11.0

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.

3.3
2023-02-09 CVE-2023-21431 Samsung Improper Input Validation vulnerability in Samsung Bixby Vision 3.7.50.6

Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision.

3.3
2023-02-09 CVE-2023-21436 Samsung Unspecified vulnerability in Samsung Android 10.0/11.0

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.

3.3
2023-02-09 CVE-2023-21447 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud&#39;s privilege via implicit intent.

3.3
2023-02-09 CVE-2023-21448 Samsung Path Traversal vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file.

3.3
2023-02-10 CVE-2022-34452 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell Powerpath Management Appliance

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability.

2.7
2023-02-09 CVE-2023-21438 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Android 11.0/12.0

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.

2.4
2023-02-09 CVE-2023-21450 Samsung Missing Authorization vulnerability in Samsung ONE Hand Operation +

Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner&#39;s widget without authorization via gesture setting.

2.1