Weekly Vulnerabilities Reports > February 13 to 19, 2023

Overview

694 new vulnerabilities reported during this period, including 79 critical vulnerabilities and 350 high severity vulnerabilities. This weekly summary report vulnerabilities in 1378 products from 248 vendors including Microsoft, Intel, Siemens, Fortinet, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "SQL Injection", and "Path Traversal".

  • 432 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 190 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 365 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 78 reported vulnerabilities.
  • Totolink has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

79 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-15 CVE-2023-25765 Jenkins Unspecified vulnerability in Jenkins Email Extension

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.

9.9
2023-02-19 CVE-2014-125087 Java Xmlbuilder Project XXE vulnerability in Java-Xmlbuilder Project Java-Xmlbuilder

A vulnerability was found in java-xmlbuilder up to 1.1.

9.8
2023-02-19 CVE-2023-0917 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0.

9.8
2023-02-19 CVE-2023-0918 Pharmacy Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Pharmacy Management System Project Pharmacy Management System 1.0

A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical.

9.8
2023-02-18 CVE-2023-0910 Online Pizza Ordering System Project SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical.

9.8
2023-02-18 CVE-2023-0906 Online Pizza Ordering System Project Missing Authentication for Critical Function vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0.

9.8
2023-02-17 CVE-2021-26277 Vivo Unspecified vulnerability in Vivo Frame Service

The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.

9.8
2023-02-17 CVE-2022-40021 Qvidium Command Injection vulnerability in Qvidium Amino A140 Firmware

QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability.

9.8
2023-02-17 CVE-2023-23064 Totolink Incorrect Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.

9.8
2023-02-17 CVE-2023-23279 Canteen Management System Project SQL Injection vulnerability in Canteen Management System Project Canteen Management System 1.0

Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.

9.8
2023-02-17 CVE-2021-32163 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Modular Open Smart Network

Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.

9.8
2023-02-17 CVE-2021-33226 Saltstack Classic Buffer Overflow vulnerability in Saltstack Salt

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

9.8
2023-02-17 CVE-2021-33391 Htacg Use After Free vulnerability in Htacg Tidy 5.7.28

An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.

9.8
2023-02-17 CVE-2021-33948 Hotels Server Project SQL Injection vulnerability in Hotels Server Project Hotels Server 1.0

SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.

9.8
2023-02-17 CVE-2021-33949 WMS Project Unspecified vulnerability in WMS Project WMS 1.1

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.

9.8
2023-02-17 CVE-2021-34182 Ttyd Project Incorrect Default Permissions vulnerability in Ttyd Project Ttyd 1.6.3

An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.

9.8
2023-02-17 CVE-2021-35261 Bearadmin Project Unrestricted Upload of File with Dangerous Type vulnerability in Bearadmin Project Bearadmin

File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.

9.8
2023-02-17 CVE-2022-47986 IBM Deserialization of Untrusted Data vulnerability in IBM Aspera Faspex 4.4.1/4.4.2

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.

9.8
2023-02-17 CVE-2020-29168 Online Doctor Appointment Booking System PHP AND Mysql Project SQL Injection vulnerability in Online Doctor Appointment Booking System PHP and Mysql Project Online Doctor Appointment Booking System PHP and Mysql 1.0

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.

9.8
2023-02-17 CVE-2022-40032 Simple Task Managing System Project SQL Injection vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0

SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.

9.8
2023-02-17 CVE-2022-40347 Intern Record System Project SQL Injection vulnerability in Intern Record System Project Intern Record System 1.0

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.

9.8
2023-02-17 CVE-2023-0883 Online Pizza Ordering System Project SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical.

9.8
2023-02-17 CVE-2023-24219 Luckyframe SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.

9.8
2023-02-17 CVE-2023-24220 Luckyframe SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.

9.8
2023-02-17 CVE-2023-24221 Luckyframe SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.

9.8
2023-02-16 CVE-2021-43529 Mozilla Out-of-bounds Write vulnerability in Mozilla Thunderbird

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages.

9.8
2023-02-16 CVE-2022-29514 Intel Unspecified vulnerability in Intel System Usage Report

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-02-16 CVE-2022-33964 Intel Improper Input Validation vulnerability in Intel System Usage Report

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-02-16 CVE-2022-25987 Intel Unspecified vulnerability in Intel C++ Compiler Classic

Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-02-16 CVE-2022-26843 Intel Unspecified vulnerability in Intel Oneapi Dpc++/C++ Compiler

Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-02-16 CVE-2021-42756 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

9.8
2023-02-16 CVE-2021-42761 Fortinet Session Fixation vulnerability in Fortinet Fortiweb

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

9.8
2023-02-16 CVE-2022-38375 Fortinet Unspecified vulnerability in Fortinet Fortinac and Fortinac-F

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests.

9.8
2023-02-16 CVE-2022-39952 Fortinet Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortinac

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.

9.8
2023-02-16 CVE-2023-22578 Sequelizejs Unspecified vulnerability in Sequelizejs Sequelize

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

9.8
2023-02-16 CVE-2023-24236 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.

9.8
2023-02-16 CVE-2023-24238 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

9.8
2023-02-15 CVE-2020-21119 Kliqqi SQL Injection vulnerability in Kliqqi CMS 2.0.2

SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.

9.8
2023-02-15 CVE-2020-21120 Uqcms SQL Injection vulnerability in Uqcms 2.1.3

SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.

9.8
2023-02-15 CVE-2021-33304 Altran Double Free vulnerability in Altran Picotcp and Picotcp-Ng

Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.

9.8
2023-02-15 CVE-2021-33925 CMS Corephp Project SQL Injection vulnerability in Cms-Corephp Project Cms-Corephp

SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.

9.8
2023-02-15 CVE-2023-0849 Netgear Command Injection vulnerability in Netgear Wndr3700 Firmware 1.0.1.14

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical.

9.8
2023-02-15 CVE-2023-22855 Kardex Code Injection vulnerability in Kardex Control Center 5.7.12+0A203C2A213Master

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution.

9.8
2023-02-15 CVE-2023-23459 Priority Software SQL Injection vulnerability in Priority-Software Priority 22.0

Priority Windows may allow Command Execution via SQL Injection using an unspecified method.

9.8
2023-02-15 CVE-2023-23460 Priority Software Improper Authentication vulnerability in Priority-Software Priority 19.1.0.68

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.

9.8
2023-02-15 CVE-2023-23461 Libpeconv Project Unspecified vulnerability in Libpeconv Project Libpeconv

Libpeconv – access violation, before commit b076013 (30/11/2022).

9.8
2023-02-15 CVE-2023-23462 Libpeconv Project Integer Overflow or Wraparound vulnerability in Libpeconv Project Libpeconv

Libpeconv – integer overflow, before commit 75b1565 (30/11/2022).

9.8
2023-02-15 CVE-2023-22804 LS Electric Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC.

9.8
2023-02-15 CVE-2023-22807 LS Electric Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol.

9.8
2023-02-15 CVE-2022-46892 Amperecomputing Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.

9.8
2023-02-15 CVE-2023-25156 Kiwitcms Improper Restriction of Excessive Authentication Attempts vulnerability in Kiwitcms Kiwi Tcms

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0.

9.8
2023-02-14 CVE-2023-21689 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

9.8
2023-02-14 CVE-2023-21690 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

9.8
2023-02-14 CVE-2023-21692 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

9.8
2023-02-14 CVE-2023-21716 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word Remote Code Execution Vulnerability

9.8
2023-02-14 CVE-2023-21803 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

9.8
2023-02-14 CVE-2023-24159 Totolink Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

9.8
2023-02-14 CVE-2023-24160 Totolink Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

9.8
2023-02-14 CVE-2023-24161 Totolink Command Injection vulnerability in Totolink Ca300-Poe Firmware 6.2C.884

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

9.8
2023-02-14 CVE-2023-24482 Siemens Classic Buffer Overflow vulnerability in Siemens Comos

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25).

9.8
2023-02-13 CVE-2022-47034 Playsms Incorrect Comparison vulnerability in Playsms

A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.

9.8
2023-02-13 CVE-2023-24084 Chikoi Project SQL Injection vulnerability in Chikoi Project Chikoi 1.0

ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.

9.8
2023-02-13 CVE-2023-24646 Online Food Ordering System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.

9.8
2023-02-13 CVE-2023-25717 Ruckuswireless Code Injection vulnerability in Ruckuswireless Ruckus Wireless Admin, Smartzone and Smartzone AP

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

9.8
2023-02-13 CVE-2023-25718 Connectwise Improper Verification of Cryptographic Signature vulnerability in Connectwise Control 19.3.25270.7185

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file.

9.8
2023-02-13 CVE-2023-23551 Controlbyweb Code Injection vulnerability in Controlbyweb X-600M Firmware

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.

9.8
2023-02-13 CVE-2022-3089 Echelon Cleartext Storage of Sensitive Information vulnerability in Echelon I.Lon Vision 2.2

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer.

9.8
2023-02-13 CVE-2022-40022 Microchip Command Injection vulnerability in Microchip Syncserver S650 Firmware

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

9.8
2023-02-13 CVE-2022-4445 Fl3R Feelbox Project Unspecified vulnerability in Fl3R Feelbox Project Fl3R Feelbox

The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

9.8
2023-02-13 CVE-2022-48322 Netgear Out-of-bounds Write vulnerability in Netgear products

NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability.

9.8
2023-02-13 CVE-2022-48323 Sunlogin Path Traversal vulnerability in Sunlogin Sunflower 1.0.1.43315

Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue.

9.8
2023-02-15 CVE-2020-19825 Kimai Cross-site Scripting vulnerability in Kimai 1.30.0

Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.

9.6
2023-02-16 CVE-2022-39954 Fortinet XXE vulnerability in Fortinet Fortinac and Fortinac-F

An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.

9.1
2023-02-16 CVE-2022-3843 Wago Hidden Functionality vulnerability in Wago 852-111/000-001 Firmware 01

In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.

9.1
2023-02-16 CVE-2022-43969 Ricoh Unspecified vulnerability in Ricoh products

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.

9.1
2023-02-15 CVE-2023-0102 LS Electric Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command.

9.1
2023-02-14 CVE-2023-25725 Haproxy
Debian
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1.
9.1
2023-02-14 CVE-2023-24530 SAP Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network.

9.1
2023-02-13 CVE-2023-24188 Ureport Project Path Traversal vulnerability in Ureport Project Ureport 2.2.9

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.

9.1

350 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-19 CVE-2023-0915 Auto Dealer Management System Project SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0.

8.8
2023-02-19 CVE-2023-0916 Auto Dealer Management System Project Unspecified vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0.

8.8
2023-02-18 CVE-2023-0912 Auto Dealer Management System Project SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0.

8.8
2023-02-18 CVE-2023-0913 Auto Dealer Management System Project SQL Injection vulnerability in Auto Dealer Management System Project Auto Dealer Management System 1.0

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0.

8.8
2023-02-18 CVE-2023-0903 Employee Task Management System Project SQL Injection vulnerability in Employee Task Management System Project Employee Task Management System 1.0

A vulnerability was found in SourceCodester Employee Task Management System 1.0.

8.8
2023-02-18 CVE-2023-0904 Employee Task Management System Project SQL Injection vulnerability in Employee Task Management System Project Employee Task Management System 1.0

A vulnerability was found in SourceCodester Employee Task Management System 1.0.

8.8
2023-02-17 CVE-2022-40231 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls.

8.8
2023-02-17 CVE-2021-33926 Plone Server-Side Request Forgery (SSRF) vulnerability in Plone

An issue in Plone CMS v.

8.8
2023-02-17 CVE-2021-34164 Lizhifaka Project Incorrect Default Permissions vulnerability in Lizhifaka Project Lizhifaka 2.2.0

Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.

8.8
2023-02-17 CVE-2022-40232 IBM Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls.

8.8
2023-02-17 CVE-2023-0822 Deltaww Files or Directories Accessible to External Parties vulnerability in Deltaww Diaenergie

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.

8.8
2023-02-17 CVE-2022-45701 Commscope Unspecified vulnerability in Commscope products

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.

8.8
2023-02-17 CVE-2023-0882 Krontech Authorization Bypass Through User-Controlled Key vulnerability in Krontech Single Connect 2.16

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16.

8.8
2023-02-17 CVE-2023-24078 Realtimelogic Code Injection vulnerability in Realtimelogic Fuguhub

Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.

8.8
2023-02-17 CVE-2023-0877 Froxlor Code Injection vulnerability in Froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.

8.8
2023-02-16 CVE-2022-30303 Fortinet OS Command Injection vulnerability in Fortinet Fortiweb

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests.

8.8
2023-02-16 CVE-2022-30306 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

8.8
2023-02-16 CVE-2022-33869 Fortinet OS Command Injection vulnerability in Fortinet Fortiwan

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

8.8
2023-02-16 CVE-2022-40677 Fortinet Argument Injection or Modification vulnerability in Fortinet Fortinac

A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted input parameters.

8.8
2023-02-16 CVE-2023-23779 Fortinet OS Command Injection vulnerability in Fortinet Fortiweb

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

8.8
2023-02-16 CVE-2023-23780 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.

8.8
2023-02-16 CVE-2023-23781 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.

8.8
2023-02-16 CVE-2023-22579 Sequelizejs Type Confusion vulnerability in Sequelizejs Sequelize 7.0.0

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

8.8
2023-02-16 CVE-2023-0862 Netmodule Path Traversal vulnerability in Netmodule Router Software

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion.

8.8
2023-02-16 CVE-2023-0861 Netmodule OS Command Injection vulnerability in Netmodule Router Software

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

8.8
2023-02-15 CVE-2022-38867 Rttys Project SQL Injection vulnerability in Rttys Project Rttys

SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.

8.8
2023-02-15 CVE-2022-38935 Niter Unspecified vulnerability in Niter Niterforum 2.5.0

An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.

8.8
2023-02-15 CVE-2023-23465 Mediacp Cross-Site Request Forgery (CSRF) vulnerability in Mediacp Media Control Panel 2.13.1

Media CP Media Control Panel latest version.

8.8
2023-02-15 CVE-2023-0841 Gpac Out-of-bounds Write vulnerability in Gpac 2.3Devrev40G3602A5Ded

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded.

8.8
2023-02-15 CVE-2023-25767 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Azure Credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.

8.8
2023-02-15 CVE-2022-42735 Apache Improper Privilege Management vulnerability in Apache Shenyu 2.5.0

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .

8.8
2023-02-15 CVE-2022-29557 Relx Cross-Site Request Forgery (CSRF) vulnerability in Relx Firco Compliance Link 3.7

LexisNexis Firco Compliance Link 3.7 allows CSRF.

8.8
2023-02-14 CVE-2023-21529 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21684 Microsoft Unspecified vulnerability in Microsoft products

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21685 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21686 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21695 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21705 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft SQL Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21706 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21707 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21713 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft SQL Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21717 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Server Elevation of Privilege Vulnerability

8.8
2023-02-14 CVE-2023-21797 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21798 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-21799 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-02-14 CVE-2023-22629 Southrivertech Path Traversal vulnerability in Southrivertech Titan FTP Server

An issue was discovered in TitanFTP through 1.94.1205.

8.8
2023-02-14 CVE-2023-22935 Splunk Command Injection vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands.

8.8
2023-02-14 CVE-2023-22939 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands.

8.8
2023-02-14 CVE-2023-0830 Easynas OS Command Injection vulnerability in Easynas 1.1.0

A vulnerability classified as critical has been found in EasyNAS 1.1.0.

8.8
2023-02-14 CVE-2023-25149 Timescale Improper Privilege Management vulnerability in Timescale Timescaledb

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2.

8.8
2023-02-14 CVE-2022-46862 Expresstech Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Quiz and Survey Master

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.

8.8
2023-02-14 CVE-2023-24377 Lightspeedhq Cross-Site Request Forgery (CSRF) vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.

8.8
2023-02-14 CVE-2023-24382 Material Design Icons FOR Page Builders Project Cross-Site Request Forgery (CSRF) vulnerability in Material Design Icons for Page Builders Project Material Design Icons for Page Builders

Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.

8.8
2023-02-14 CVE-2023-25065 Shapedplugin Cross-Site Request Forgery (CSRF) vulnerability in Shapedplugin WP Tabs

Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.

8.8
2023-02-14 CVE-2022-43469 Orchestrated Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (Covid-19) Banner & Live Data

Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions.

8.8
2023-02-14 CVE-2023-25066 Foliovision Cross-Site Request Forgery (CSRF) vulnerability in Foliovision FV Flowplayer Video Player

Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.

8.8
2023-02-14 CVE-2023-24523 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.

8.8
2023-02-14 CVE-2023-22375 Planex Cross-Site Request Forgery (CSRF) vulnerability in Planex Cs-Wmv02G Firmware

Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page.

8.8
2023-02-13 CVE-2023-25240 Pimcore Unspecified vulnerability in Pimcore 10.5.15

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

8.8
2023-02-13 CVE-2023-25719 Connectwise Injection vulnerability in Connectwise Control 19.3.25270.7185

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter.

8.8
2023-02-13 CVE-2022-41134 Optinly Cross-Site Request Forgery (CSRF) vulnerability in Optinly

Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.

8.8
2023-02-13 CVE-2023-0080 Cusrev Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack.

8.8
2023-02-13 CVE-2023-0098 Getlasso Unspecified vulnerability in Getlasso Simple Urls

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

8.8
2023-02-13 CVE-2023-0220 Pinpoint Unspecified vulnerability in Pinpoint Booking System

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks.

8.8
2023-02-13 CVE-2023-0255 Shortpixel Unrestricted Upload of File with Dangerous Type vulnerability in Shortpixel Enable Media Replace

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

8.8
2023-02-13 CVE-2023-0259 Ljapps Unspecified vulnerability in Ljapps WP Google Review Slider

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

8.8
2023-02-13 CVE-2023-0260 Ljapps Unspecified vulnerability in Ljapps WP Review Slider

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

8.8
2023-02-13 CVE-2023-0261 Ljapps Unspecified vulnerability in Ljapps WP Tripadvisor Review Slider

The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

8.8
2023-02-13 CVE-2023-0262 Ljapps Unspecified vulnerability in Ljapps WP Airbnb Review Slider

The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

8.8
2023-02-13 CVE-2023-0263 Ljapps Unspecified vulnerability in Ljapps WP Yelp Review Slider

The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

8.8
2023-02-13 CVE-2022-45725 Comfast Improper Input Validation vulnerability in Comfast Cf-Wr610N Firmware 2.3.1

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request

8.8
2023-02-14 CVE-2023-21777 Microsoft Improper Privilege Management vulnerability in Microsoft Azure APP Service on Azure Stack

Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

8.7
2023-02-16 CVE-2023-23947 Argoproj Incorrect Authorization vulnerability in Argoproj Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

8.5
2023-02-14 CVE-2023-23374 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.3
2023-02-17 CVE-2023-23923 Moodle Unspecified vulnerability in Moodle

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference.

8.2
2023-02-16 CVE-2021-0187 Intel Unspecified vulnerability in Intel products

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

8.2
2023-02-14 CVE-2023-21806 Microsoft Unspecified vulnerability in Microsoft Power BI Report Server 15.0.1103.234/15.0.1104.300/15.0.1107.165

Power BI Report Server Spoofing Vulnerability

8.2
2023-02-14 CVE-2023-25564 GSS Ntlmssp Project Out-of-bounds Write vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication.

8.2
2023-02-17 CVE-2021-3172 PHP Fusion Unspecified vulnerability in PHP-Fusion 9.03.90

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.

8.1
2023-02-16 CVE-2022-41335 Fortinet Path Traversal vulnerability in Fortinet Fortios, Fortiproxy and Fortiswitchmanager

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests.

8.1
2023-02-16 CVE-2023-23926 Neo4J XXE vulnerability in Neo4J Awesome Procedures on Cyper

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j.

8.1
2023-02-16 CVE-2023-0568 PHP Allocation of Resources Without Limits or Throttling vulnerability in PHP

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small.

8.1
2023-02-13 CVE-2022-4138 Gitlab Cross-Site Request Forgery (CSRF) vulnerability in Gitlab

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1.

8.1
2023-02-14 CVE-2023-21778 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability

8.0
2023-02-14 CVE-2023-22934 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job.

8.0
2023-02-18 CVE-2023-0908 Xoslab Improper Resource Shutdown or Release vulnerability in Xoslab Easy File Locker 2.2.0.184

A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184.

7.8
2023-02-17 CVE-2021-32845 Mobyproject Unchecked Return Value vulnerability in Mobyproject Hyperkit

HyperKit is a toolkit for embedding hypervisor capabilities in an application.

7.8
2023-02-17 CVE-2021-32846 Mobyproject Improper Check for Unusual or Exceptional Conditions vulnerability in Mobyproject Hyperkit

HyperKit is a toolkit for embedding hypervisor capabilities in an application.

7.8
2023-02-17 CVE-2023-21574 Adobe Improper Input Validation vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-21575 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-21576 Adobe Out-of-bounds Write vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-21619 Adobe Out-of-bounds Write vulnerability in Adobe Framemaker

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-21621 Adobe Improper Input Validation vulnerability in Adobe Framemaker

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-21622 Adobe Out-of-bounds Write vulnerability in Adobe Framemaker

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22226 Adobe Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22227 Adobe Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22228 Adobe Improper Input Validation vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22229 Adobe Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22230 Adobe Out-of-bounds Write vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22234 Adobe Out-of-bounds Write vulnerability in Adobe Premiere Rush

Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22236 Adobe Out-of-bounds Write vulnerability in Adobe Animate

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22237 Adobe Out-of-bounds Write vulnerability in Adobe After Effects 22.1.1/22.2.1

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22238 Adobe Out-of-bounds Write vulnerability in Adobe After Effects 22.1.1/22.2.1

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22239 Adobe Improper Input Validation vulnerability in Adobe After Effects 22.1.1/22.2.1

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22243 Adobe Out-of-bounds Write vulnerability in Adobe Animate

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22244 Adobe Use After Free vulnerability in Adobe Premiere Rush

Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2023-22246 Adobe Use After Free vulnerability in Adobe Animate

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-02-17 CVE-2021-32142 Libraw Out-of-bounds Write vulnerability in Libraw 0.20.0

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

7.8
2023-02-17 CVE-2021-33983 Flatcc Project Classic Buffer Overflow vulnerability in Flatcc Project Flatcc 0.6.0

Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.

7.8
2023-02-17 CVE-2022-32972 Infoblox Uncontrolled Search Path Element vulnerability in Infoblox Bloxone Endpoint

Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation.

7.8
2023-02-17 CVE-2023-0887 Tftpd64 Project Unquoted Search Path or Element vulnerability in Tftpd64 Project Tftpd64 4.64

A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical.

7.8
2023-02-16 CVE-2022-21163 Intel Unspecified vulnerability in Intel Crypto API Toolkit for Intel SGX

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-27170 Intel Unspecified vulnerability in Intel Media Software Development KIT

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-27808 Intel Unspecified vulnerability in Intel Administrative Tools for Intel Network Adapters

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-32575 Intel Out-of-bounds Write vulnerability in Intel Trace Analyzer and Collector 2017/2020

Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-33190 Intel Improper Input Validation vulnerability in Intel System Usage Report

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-33946 Intel Improper Authentication vulnerability in Intel System Usage Report

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34346 Intel Out-of-bounds Read vulnerability in Intel Media Software Development KIT

Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34841 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Media Software Development KIT

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34843 Intel Integer Overflow or Wraparound vulnerability in Intel Trace Analyzer and Collector 2017/2020

Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34854 Intel Unspecified vulnerability in Intel System Usage Report

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34864 Intel Out-of-bounds Read vulnerability in Intel Trace Analyzer and Collector 2017/2020

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36369 Intel Unspecified vulnerability in Intel Qatzip

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36397 Intel Incorrect Default Permissions vulnerability in Intel Quickassist Technology 1.7.L.4.10.0/4.2

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36416 Vmware Unspecified vulnerability in VMWare Ixgben 1.10.0.1

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-41314 Intel Uncontrolled Search Path Element vulnerability in Intel products

Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-25992 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli

Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-26840 Intel Unspecified vulnerability in Intel Quartus Prime

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-30530 Intel Unspecified vulnerability in Intel Driver & Support Assistant

Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-32570 Intel Improper Authentication vulnerability in Intel Quartus Prime

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-33892 Intel Path Traversal vulnerability in Intel Quartus Prime

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-33902 Intel Unspecified vulnerability in Intel Quartus Prime

Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34153 Intel Improper Initialization vulnerability in Intel Battery Life Diagnostic Tool 2.2.0

Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-34157 Intel Unspecified vulnerability in Intel Quartus Prime

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36278 Intel Unspecified vulnerability in Intel Battery Life Diagnostic Tool 2.2.0

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36348 Intel Unspecified vulnerability in Intel Server Platform Services

Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-36398 Intel Uncontrolled Search Path Element vulnerability in Intel Battery Life Diagnostic Tool 2.2.0

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-02-16 CVE-2022-40080 Acer Out-of-bounds Write vulnerability in Acer Aspire E5-475G Firmware 1.21

Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

7.8
2023-02-16 CVE-2023-0866 Gpac Heap-based Buffer Overflow vulnerability in Gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.

7.8
2023-02-16 CVE-2022-27482 Fortinet OS Command Injection vulnerability in Fortinet Fortiadc

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.

7.8
2023-02-16 CVE-2022-40678 Fortinet Insufficiently Protected Credentials vulnerability in Fortinet Fortinac

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.

7.8
2023-02-16 CVE-2022-40683 Fortinet Double Free vulnerability in Fortinet Fortiweb 7.0.0/7.0.1/7.0.2

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands

7.8
2023-02-16 CVE-2023-23782 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via specifically crafted arguments to existing commands.

7.8
2023-02-16 CVE-2023-23783 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet Fortiweb

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

7.8
2023-02-16 CVE-2023-25602 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

7.8
2023-02-16 CVE-2023-24483 Citrix Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

7.8
2023-02-16 CVE-2023-24485 Citrix Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

7.8
2023-02-16 CVE-2023-25173 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Containerd

containerd is an open source container runtime.

7.8
2023-02-15 CVE-2022-42455 Asus Unspecified vulnerability in Asus Armoury Crate

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls.

7.8
2023-02-15 CVE-2022-47506 Solarwinds Path Traversal vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability.

7.8
2023-02-15 CVE-2022-45153 Suse
Opensuse
Incorrect Default Permissions vulnerability in multiple products

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created.

7.8
2023-02-15 CVE-2023-25011 NEC Unspecified vulnerability in NEC PC Settings Tool

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges.

7.8
2023-02-15 CVE-2023-20927 Google Unspecified vulnerability in Google Android 13.0

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass.

7.8
2023-02-15 CVE-2023-22368 Elecom Untrusted Search Path vulnerability in Elecom Camera Assistant and Quickfiledealer

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

7.8
2023-02-14 CVE-2023-21566 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21808 Microsoft Unspecified vulnerability in Microsoft products

.NET and Visual Studio Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21815 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21823 Microsoft Integer Overflow or Wraparound vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-23381 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-23618 GIT FOR Windows Project Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows

Git for Windows is the Windows port of the revision control system Git.

7.8
2023-02-14 CVE-2023-21528 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft SQL Server Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21688 Microsoft Unspecified vulnerability in Microsoft products

NT OS Kernel Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21704 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21718 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21800 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Windows Installer Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21801 Microsoft Unspecified vulnerability in Microsoft products

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21802 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21804 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21805 Microsoft Unspecified vulnerability in Microsoft products

Windows MSHTML Platform Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-21809 Microsoft Unspecified vulnerability in Microsoft Defender Security Intelligence Updates

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

7.8
2023-02-14 CVE-2023-21812 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21817 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-21822 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-23376 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-23377 Microsoft Unspecified vulnerability in Microsoft 3D Builder 20.0.1

3D Builder Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-23378 Microsoft Unspecified vulnerability in Microsoft Print 3D

Print 3D Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2023-23379 Microsoft Unspecified vulnerability in Microsoft Defender for IOT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

7.8
2023-02-14 CVE-2023-23390 Microsoft Unspecified vulnerability in Microsoft 3D Builder 20.0.1

3D Builder Remote Code Execution Vulnerability

7.8
2023-02-14 CVE-2022-31808 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43).

7.8
2023-02-14 CVE-2022-47936 Siemens Stack-based Buffer Overflow vulnerability in Siemens JT Open Toolkit, JT Utilities and Parasolid

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150).

7.8
2023-02-14 CVE-2022-47977 Siemens Out-of-bounds Write vulnerability in Siemens JT Open Toolkit and JT Utilities

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0).

7.8
2023-02-14 CVE-2023-24549 Siemens Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24550 Siemens Heap-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24551 Siemens Heap-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24552 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2022 and Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24553 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24554 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24555 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2022 and Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24556 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24557 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24558 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24559 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24560 Siemens Out-of-bounds Write vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24561 Siemens Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24562 Siemens Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24563 Siemens Access of Uninitialized Pointer vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24564 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24581 Siemens Use After Free vulnerability in Siemens Solid Edge Se2023 223.0

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2023-02-14 CVE-2023-24978 Siemens Access of Uninitialized Pointer vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24979 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24980 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24981 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24982 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24983 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24984 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24985 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24986 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24987 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24988 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24989 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24990 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24991 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24992 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24993 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24994 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24995 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-24996 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix Plant Simulation 16.0.5

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006).

7.8
2023-02-14 CVE-2023-25140 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Solid Edge

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12).

7.8
2023-02-14 CVE-2023-24187 Ureport Project XXE vulnerability in Ureport Project Ureport 2.2.9

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.

7.8
2023-02-13 CVE-2023-0817 Gpac Out-of-bounds Read vulnerability in Gpac

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.

7.8
2023-02-13 CVE-2023-0819 Gpac Heap-based Buffer Overflow vulnerability in Gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.

7.8
2023-02-13 CVE-2022-48077 Genymotion Uncontrolled Search Path Element vulnerability in Genymotion Desktop 3.3.2

Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

7.8
2023-02-13 CVE-2022-45455 Acronis Incomplete Cleanup vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office

Local privilege escalation due to incomplete uninstallation cleanup.

7.8
2023-02-13 CVE-2023-22345 Jtekt Out-of-bounds Write vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected.

7.8
2023-02-13 CVE-2023-22346 Jtekt Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information.

7.8
2023-02-13 CVE-2023-22347 Jtekt Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information.

7.8
2023-02-13 CVE-2023-22349 Jtekt Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information.

7.8
2023-02-13 CVE-2023-22350 Jtekt Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information.

7.8
2023-02-13 CVE-2023-22353 Jtekt Out-of-bounds Read vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information.

7.8
2023-02-13 CVE-2023-22360 Jtekt Use After Free vulnerability in Jtekt Screen Creator Advance 2 0.1.1.4

Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected.

7.8
2023-02-18 CVE-2023-0905 Employee Task Management System Project Improper Authentication vulnerability in Employee Task Management System Project Employee Task Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0.

7.5
2023-02-17 CVE-2022-34351 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains.

7.5
2023-02-17 CVE-2023-24960 IBM Path Traversal vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.

7.5
2023-02-17 CVE-2021-32441 Exponentcms SQL Injection vulnerability in Exponentcms Exponent CMS 2.6.0

SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.

7.5
2023-02-17 CVE-2021-33950 Openkm XXE vulnerability in Openkm 6.3.10

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.

7.5
2023-02-17 CVE-2022-20803 Clamav Double Free vulnerability in Clamav 0.104.0/0.104.1/0.104.2

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free.

7.5
2023-02-17 CVE-2022-41734 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Maximo Application Suite and Maximo Asset Management

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

7.5
2023-02-17 CVE-2022-43930 IBM Information Exposure Through Log Files vulnerability in IBM DB2 10.5/11.1/11.5

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file.

7.5
2023-02-17 CVE-2022-43927 IBM Improper Privilege Management vulnerability in IBM DB2 10.5/11.1/11.5

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used.

7.5
2023-02-17 CVE-2022-43929 IBM Improper Input Validation vulnerability in IBM DB2 11.1/11.5

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command.

7.5
2023-02-17 CVE-2023-24329 Python
Fedoraproject
Netapp
Improper Input Validation vulnerability in multiple products

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

7.5
2023-02-16 CVE-2020-6817 Mozilla Unspecified vulnerability in Mozilla Bleach

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS).

7.5
2023-02-16 CVE-2022-47703 Tianjie Missing Authentication for Critical Function vulnerability in Tianjie Cpe906-3 and Cpe906-3 Firmware

TIANJIE CPE906-3 is vulnerable to password disclosure.

7.5
2023-02-16 CVE-2022-30692 Intel Improper Check for Unusual or Exceptional Conditions vulnerability in Intel System Usage Report

Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-02-16 CVE-2022-35729 Openbmc Project Out-of-bounds Read vulnerability in Openbmc-Project Openbmc

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

7.5
2023-02-16 CVE-2022-26115 Fortinet Use of Password Hash With Insufficient Computational Effort vulnerability in Fortinet Fortisandbox

A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords.

7.5
2023-02-16 CVE-2023-25653 Cisco Infinite Loop vulnerability in Cisco Node-Jose

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers.

7.5
2023-02-16 CVE-2023-24807 Nodejs Unspecified vulnerability in Nodejs Undici

Undici is an HTTP/1.1 client for Node.js.

7.5
2023-02-16 CVE-2022-27892 Palantir Improper Input Validation vulnerability in Palantir Gotham

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.

7.5
2023-02-16 CVE-2022-27897 Palantir Improper Input Validation vulnerability in Palantir Gotham

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory.

7.5
2023-02-16 CVE-2023-22580 Sequelizejs Information Exposure vulnerability in Sequelizejs Sequelize 7.0.0

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.

7.5
2023-02-16 CVE-2023-0860 Modoboa Improper Restriction of Excessive Authentication Attempts vulnerability in Modoboa Installer 2.0.3

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

7.5
2023-02-16 CVE-2023-0662 PHP Resource Exhaustion vulnerability in PHP

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries.

7.5
2023-02-15 CVE-2021-34117 Seopanel SQL Injection vulnerability in Seopanel SEO Panel 4.9.0

SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.

7.5
2023-02-15 CVE-2021-38239 Dataease SQL Injection vulnerability in Dataease

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

7.5
2023-02-15 CVE-2022-40016 Media Server Project Use After Free vulnerability in Media-Server Project Media-Server

Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.

7.5
2023-02-15 CVE-2023-0848 Netgear Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14.

7.5
2023-02-15 CVE-2023-0850 Netgear Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic.

7.5
2023-02-15 CVE-2022-45546 Screencheck Cleartext Transmission of Sensitive Information vulnerability in Screencheck Badgemaker 2.6.2.0

Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.

7.5
2023-02-15 CVE-2022-47508 Solarwinds Unspecified vulnerability in Solarwinds Server and Application Monitor 2022.4

Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.

7.5
2023-02-15 CVE-2023-23463 Sunellsecurity Insufficiently Protected Credentials vulnerability in Sunellsecurity products

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.

7.5
2023-02-15 CVE-2023-23464 Mediacp Unspecified vulnerability in Mediacp Media Control Panel 2.13.1

Media CP Media Control Panel latest version.

7.5
2023-02-15 CVE-2023-23466 Mediacp Insufficiently Protected Credentials vulnerability in Mediacp Media Control Panel 2.13.1

Media CP Media Control Panel latest version.

7.5
2023-02-15 CVE-2023-24498 Netgear Insufficiently Protected Credentials vulnerability in Netgear Prosafe Fs726Tp Firmware

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

7.5
2023-02-15 CVE-2023-0103 LS Electric Access of Memory Location After End of Buffer vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating.

7.5
2023-02-15 CVE-2023-22803 LS Electric Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC.

7.5
2023-02-15 CVE-2023-22806 LS Electric Cleartext Transmission of Sensitive Information vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol.

7.5
2023-02-15 CVE-2023-25191 AMI Insufficiently Protected Credentials vulnerability in AMI Megarac Sp-X 12/13

AMI MegaRAC SPX devices allow Password Disclosure through Redfish.

7.5
2023-02-15 CVE-2023-25578 Starliteproject Allocation of Resources Without Limits or Throttling vulnerability in Starliteproject Starlite

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework.

7.5
2023-02-15 CVE-2023-24580 Djangoproject
Debian
Resource Exhaustion vulnerability in multiple products

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.

7.5
2023-02-14 CVE-2023-21553 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2020.1.2

Azure DevOps Server Remote Code Execution Vulnerability

7.5
2023-02-14 CVE-2023-21691 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability

7.5
2023-02-14 CVE-2023-21700 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Discovery Service Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21701 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21702 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Service Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21811 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Service Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21813 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Channel Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21816 Microsoft Unspecified vulnerability in Microsoft products

Windows Active Directory Domain Services API Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21818 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Channel Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-21819 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Channel Denial of Service Vulnerability

7.5
2023-02-14 CVE-2023-23946 GIT SCM Path Traversal vulnerability in Git-Scm GIT

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8.

7.5
2023-02-14 CVE-2023-25577 Palletsprojects Allocation of Resources Without Limits or Throttling vulnerability in Palletsprojects Werkzeug

Werkzeug is a comprehensive WSGI web application library.

7.5
2023-02-14 CVE-2023-22941 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

7.5
2023-02-14 CVE-2023-25563 GSS Ntlmssp Project Out-of-bounds Read vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication.

7.5
2023-02-14 CVE-2023-25565 GSS Ntlmssp Project Release of Invalid Pointer or Reference vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication.

7.5
2023-02-14 CVE-2023-25566 GSS Ntlmssp Project Memory Leak vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication.

7.5
2023-02-14 CVE-2023-25567 GSS Ntlmssp Project Out-of-bounds Read vulnerability in Gss-Ntlmssp Project Gss-Ntlmssp

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0.

7.5
2023-02-14 CVE-2021-46023 Mruby Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mruby

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc.

7.5
2023-02-14 CVE-2023-25576 Fastify Allocation of Resources Without Limits or Throttling vulnerability in Fastify Fastify-Multipart

@fastify/multipart is a Fastify plugin to parse the multipart content-type.

7.5
2023-02-14 CVE-2023-25141 Apache Injection vulnerability in Apache Sling JCR Base

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor.

7.5
2023-02-14 CVE-2023-23835 Mendix Improper Access Control vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15).

7.5
2023-02-13 CVE-2022-3759 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1.

7.5
2023-02-13 CVE-2023-0518 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1.

7.5
2023-02-13 CVE-2023-24647 Online Food Ordering System Project SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 2.0

Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.

7.5
2023-02-13 CVE-2023-22854 Mitel Unspecified vulnerability in Mitel Micontact Center Business

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters.

7.5
2023-02-13 CVE-2023-0159 Wprealize Unspecified vulnerability in Wprealize Extensive VC Addons for Wpbakery Page Builder

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.

7.5
2023-02-13 CVE-2022-45454 Acronis Incorrect Default Permissions vulnerability in Acronis Agent and Cyber Protect

Sensitive information disclosure due to insecure folder permissions.

7.5
2023-02-13 CVE-2022-43460 Fujifilm Insufficiently Protected Credentials vulnerability in Fujifilm Driver Distributor

Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format.

7.5
2023-02-13 CVE-2023-22362 Akindo Sushiro Information Exposure Through Log Files vulnerability in Akindo-Sushiro products

SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file.

7.5
2023-02-16 CVE-2022-39948 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy)

7.4
2023-02-16 CVE-2022-40675 Fortinet Unspecified vulnerability in Fortinet Fortinac and Fortinac-F

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.

7.4
2023-02-16 CVE-2022-27890 Palantir Improper Certificate Validation vulnerability in Palantir Atlasdb

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.

7.4
2023-02-15 CVE-2023-0361 GNU
Redhat
Debian
Fedoraproject
Netapp
Information Exposure Through Discrepancy vulnerability in multiple products

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.

7.4
2023-02-15 CVE-2023-22377 Fujitsu XXE vulnerability in Fujitsu products

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0.

7.4
2023-02-14 CVE-2023-21820 Microsoft Unspecified vulnerability in Microsoft products

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

7.4
2023-02-16 CVE-2022-37340 Intel Uncontrolled Search Path Element vulnerability in Intel Quickassist Technology 1.7.L.4.10.0/4.2

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-25905 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Data Analytics Library

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26032 Intel Uncontrolled Search Path Element vulnerability in Intel Distribution for Python Programming Language

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26052 Intel Uncontrolled Search Path Element vulnerability in Intel MPI Library 2017

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26062 Intel Uncontrolled Search Path Element vulnerability in Intel Trace Analyzer and Collector 2017/2020

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26076 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Deep Neural Network

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26345 Intel Uncontrolled Search Path Element vulnerability in Intel Openmp

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26421 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Dpc++/C++ Compiler Runtime

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26425 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Collective Communications Library

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-26512 Intel Uncontrolled Search Path Element vulnerability in Intel Fpga Add-On

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-16 CVE-2022-37329 Intel Uncontrolled Search Path Element vulnerability in Intel Quartus Prime

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-02-14 CVE-2023-22743 GIT FOR Windows Project Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows

Git for Windows is the Windows port of the revision control system Git.

7.3
2023-02-14 CVE-2023-21568 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

7.3
2023-02-17 CVE-2023-26020 Craftercms SQL Injection vulnerability in Craftercms Crafter CMS

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

7.2
2023-02-17 CVE-2023-23007 Ecisp SQL Injection vulnerability in Ecisp Espcms P8.21120101

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.

7.2
2023-02-16 CVE-2022-32971 Intel Improper Authentication vulnerability in Intel System Usage Report

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access.

7.2
2023-02-16 CVE-2022-27489 Fortinet OS Command Injection vulnerability in Fortinet Fortiextender Firmware

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

7.2
2023-02-16 CVE-2022-33871 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortiweb

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.

7.2
2023-02-15 CVE-2022-38868 Ehoney Project SQL Injection vulnerability in Ehoney Project Ehoney 2.0.0

SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.

7.2
2023-02-15 CVE-2022-38111 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2023-02-15 CVE-2022-47503 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2023-02-15 CVE-2022-47504 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2023-02-15 CVE-2022-47507 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.

7.2
2023-02-15 CVE-2023-23836 Solarwinds Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data.

7.2
2023-02-14 CVE-2023-21703 Microsoft Unspecified vulnerability in Microsoft Azure Data BOX Gateway and Azure Stack Edge

Azure Data Box Gateway Remote Code Execution Vulnerability

7.2
2023-02-14 CVE-2023-21710 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

7.2
2023-02-13 CVE-2022-4546 Conceptbeans SQL Injection vulnerability in Conceptbeans Mapwiz 1.0.1

The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-02-14 CVE-2023-21564 Microsoft Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2022

Azure DevOps Server Cross-Site Scripting Vulnerability

7.1
2023-02-14 CVE-2023-0020 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.

7.1
2023-02-13 CVE-2022-4745 WP Customerarea Unspecified vulnerability in Wp-Customerarea WP Customer Area

The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

7.1
2023-02-17 CVE-2020-19824 MPV Race Condition vulnerability in MPV 0.29.1

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.

7.0
2023-02-16 CVE-2022-26837 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

7.0
2023-02-16 CVE-2022-32764 Intel Race Condition vulnerability in Intel Driver & Support Assistant

Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.0
2023-02-15 CVE-2022-32469 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32475 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32477 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32470 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32473 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32476 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32953 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32471 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32474 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32478 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0
2023-02-15 CVE-2022-32954 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5.

7.0
2023-02-15 CVE-2022-32955 Insyde Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

7.0

255 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-16 CVE-2022-21216 Intel Unspecified vulnerability in Intel products

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.

6.8
2023-02-16 CVE-2022-48306 Palantir Improper Certificate Validation vulnerability in Palantir Gotham Chat IRC

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack.

6.8
2023-02-14 CVE-2023-21694 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Service Remote Code Execution Vulnerability

6.8
2023-02-13 CVE-2023-0808 Deyeinverter
Revolt Power
Bosswerk
Use of Hard-coded Credentials vulnerability in multiple products

A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471.

6.8
2023-02-16 CVE-2022-33196 Intel Incorrect Default Permissions vulnerability in Intel products

Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-02-16 CVE-2022-26343 Intel Unspecified vulnerability in Intel products

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-02-16 CVE-2022-30539 Intel Use After Free vulnerability in Intel products

Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-02-16 CVE-2022-30704 Intel Improper Initialization vulnerability in Intel products

Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-02-16 CVE-2022-32231 Intel Improper Initialization vulnerability in Intel products

Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-02-14 CVE-2022-35868 Siemens Untrusted Search Path vulnerability in Siemens TIA Multiuser Server and TIA Project-Server

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6).

6.7
2023-02-17 CVE-2022-36775 IBM Injection vulnerability in IBM products

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

6.5
2023-02-16 CVE-2023-0821 Hashicorp Unspecified vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage.

6.5
2023-02-16 CVE-2022-27234 Intel Server-Side Request Forgery (SSRF) vulnerability in Intel Computer Vision Annotation Tool

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

6.5
2023-02-16 CVE-2022-29494 Intel Improper Input Validation vulnerability in Intel Openbmc Egs0.91179

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

6.5
2023-02-16 CVE-2023-22380 Github Path Traversal vulnerability in Github Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site.

6.5
2023-02-16 CVE-2022-30300 Fortinet Path Traversal vulnerability in Fortinet Fortiweb

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.

6.5
2023-02-16 CVE-2022-43954 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortiportal 7.0.0/7.0.1/7.0.2

An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.

6.5
2023-02-16 CVE-2023-0475 Hashicorp Unspecified vulnerability in Hashicorp Go-Getter

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs.

6.5
2023-02-16 CVE-2023-23778 Fortinet Path Traversal vulnerability in Fortinet Fortiweb

A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

6.5
2023-02-16 CVE-2023-23784 Fortinet Path Traversal vulnerability in Fortinet Fortiweb

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.

6.5
2023-02-15 CVE-2021-33396 Baijiacms Project Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 4.1.4

Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.

6.5
2023-02-15 CVE-2023-23458 Sunellsecurity Unspecified vulnerability in Sunellsecurity products

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.

6.5
2023-02-15 CVE-2023-25768 Jenkins Missing Authorization vulnerability in Jenkins Azure Credentials

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.

6.5
2023-02-14 CVE-2023-21572 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

6.5
2023-02-14 CVE-2023-21721 Microsoft Unspecified vulnerability in Microsoft Onenote

Microsoft OneNote Elevation of Privilege Vulnerability

6.5
2023-02-14 CVE-2023-21807 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

6.5
2023-02-14 CVE-2023-23382 Microsoft Unspecified vulnerability in Microsoft Azure Machine Learning 3.0.0

Azure Machine Learning Compute Instance Information Disclosure Vulnerability

6.5
2023-02-14 CVE-2022-41564 Tibco Unspecified vulnerability in Tibco Hawk and Operational Intelligence Hawk Redtail

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user.

6.5
2023-02-14 CVE-2023-0019 SAP Missing Authorization vulnerability in SAP GRC Process Control

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database.

6.5
2023-02-14 CVE-2023-24524 SAP Missing Authorization vulnerability in SAP S/4Hana 104/105

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.

6.5
2023-02-14 CVE-2023-24528 SAP Missing Authorization vulnerability in SAP Fiori 600

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data.

6.5
2023-02-14 CVE-2023-0814 Cozmoslabs Incorrect Authorization vulnerability in Cozmoslabs Profile Builder

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0.

6.5
2023-02-13 CVE-2022-3411 Gitlab Improper Validation of Specified Quantity in Input vulnerability in Gitlab

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

6.5
2023-02-13 CVE-2022-45962 Os4Ed SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.

6.5
2023-02-13 CVE-2022-25937 Glance Project Path Traversal vulnerability in Glance Project Glance

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory.

6.5
2023-02-16 CVE-2023-23558 Eternal Terminal Project Link Following vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp.

6.3
2023-02-14 CVE-2023-22936 Splunk Server-Side Request Forgery (SSRF) vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user.

6.3
2023-02-19 CVE-2012-10007 Buddystream Project Cross-site Scripting vulnerability in Buddystream Project Buddystream

A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress.

6.1
2023-02-17 CVE-2022-48115 Jspreadsheet Cross-site Scripting vulnerability in Jspreadsheet

The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS).

6.1
2023-02-17 CVE-2023-23921 Moodle Cross-site Scripting vulnerability in Moodle

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters.

6.1
2023-02-17 CVE-2023-23922 Moodle Cross-site Scripting vulnerability in Moodle

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search.

6.1
2023-02-17 CVE-2023-24369 Ujcms Cross-site Scripting vulnerability in Ujcms 4.1.3/5.5.0

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.

6.1
2023-02-17 CVE-2023-0878 Nuxt Cross-site Scripting vulnerability in Nuxt

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.

6.1
2023-02-16 CVE-2019-17003 Mozilla Cross-site Scripting vulnerability in Mozilla Firefox

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.

6.1
2023-02-16 CVE-2021-23980 Mozilla Cross-site Scripting vulnerability in Mozilla Bleach

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

6.1
2023-02-16 CVE-2022-0637 Mozilla Open Redirect vulnerability in Mozilla Pollbot

open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6

6.1
2023-02-16 CVE-2022-48324 Mapos Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code.

6.1
2023-02-16 CVE-2022-48325 Mapos Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code.

6.1
2023-02-16 CVE-2022-48326 Mapos Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code.

6.1
2023-02-16 CVE-2022-48327 Mapos Cross-site Scripting vulnerability in Mapos Map-Os 4.39.0

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code.

6.1
2023-02-16 CVE-2022-30304 Fortinet Cross-site Scripting vulnerability in Fortinet Fortianalyzer

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.

6.1
2023-02-16 CVE-2022-38376 Fortinet Cross-site Scripting vulnerability in Fortinet Fortinac

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.

6.1
2023-02-16 CVE-2022-41334 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.

6.1
2023-02-15 CVE-2022-45543 Discuz Cross-site Scripting vulnerability in Discuz Discuzx 3.4

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

6.1
2023-02-15 CVE-2023-23467 Mediacp Cross-site Scripting vulnerability in Mediacp Media Control Panel 2.13.1

Media CP Media Control Panel latest version.

6.1
2023-02-15 CVE-2022-25978 Usememos Cross-site Scripting vulnerability in Usememos Memos

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

6.1
2023-02-15 CVE-2022-47373 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower.

6.1
2023-02-14 CVE-2023-22932 Splunk Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image.

6.1
2023-02-14 CVE-2023-22933 Splunk Cross-site Scripting vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.

6.1
2023-02-14 CVE-2022-4286 BR Automation Cross-site Scripting vulnerability in Br-Automation Automation Runtime

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.

6.1
2023-02-14 CVE-2023-23852 SAP Cross-site Scripting vulnerability in SAP Solution Manager 720

SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2023-02-14 CVE-2023-23853 SAP Open Redirect vulnerability in SAP Netweaver Application Server Abap

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.

6.1
2023-02-14 CVE-2023-23858 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data.

6.1
2023-02-14 CVE-2023-23859 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.

6.1
2023-02-14 CVE-2023-23860 SAP Open Redirect vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.

6.1
2023-02-14 CVE-2023-24521 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data.

6.1
2023-02-14 CVE-2023-24522 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data.

6.1
2023-02-14 CVE-2023-24529 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack.

6.1
2023-02-14 CVE-2023-25614 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network.

6.1
2023-02-14 CVE-2023-22376 Planex Cross-site Scripting vulnerability in Planex Cs-Wmv02G Firmware

Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script.

6.1
2023-02-13 CVE-2015-10079 Walrusirc Project Cross-site Scripting vulnerability in Walrusirc Project Walrusirc 0.0.2

A vulnerability was found in juju2143 WalrusIRC 0.0.2.

6.1
2023-02-13 CVE-2022-4905 UDX Cross-site Scripting vulnerability in UDX Stateless Media Plugin 3.1.1

A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress.

6.1
2023-02-13 CVE-2023-24086 Slims Project Cross-site Scripting vulnerability in Slims Project Slims 9.5.2

SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.

6.1
2023-02-13 CVE-2023-24648 Zippy Cross-site Scripting vulnerability in Zippy Zstore 6.6.0

Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.

6.1
2023-02-13 CVE-2023-25241 Bgerp Cross-site Scripting vulnerability in Bgerp 22.31

bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

6.1
2023-02-13 CVE-2022-45285 Vsourz Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB 1.7.2/1.9.1

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

6.1
2023-02-13 CVE-2022-48110 Ckeditor Cross-site Scripting vulnerability in Ckeditor 35.4.0

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.

6.1
2023-02-13 CVE-2023-23553 Controlbyweb Cross-site Scripting vulnerability in Controlbyweb X-400 Firmware

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.

6.1
2023-02-13 CVE-2023-0099 Getlasso Unspecified vulnerability in Getlasso Simple Urls

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-02-16 CVE-2022-38378 Fortinet Improper Privilege Management vulnerability in Fortinet Fortios and Fortiproxy

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

6.0
2023-02-17 CVE-2023-23695 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Secure Connect Gateway 5.12.00.10/5.14.00.12

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability.

5.9
2023-02-16 CVE-2020-12413 Mozilla Information Exposure Through Discrepancy vulnerability in Mozilla Firefox

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification.

5.9
2023-02-15 CVE-2023-25171 Kiwitcms Allocation of Resources Without Limits or Throttling vulnerability in Kiwitcms Kiwi Tcms

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0.

5.9
2023-02-14 CVE-2022-22564 Dell Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell products

Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm.

5.9
2023-02-13 CVE-2023-22367 Ichiranusa Improper Certificate Validation vulnerability in Ichiranusa Ichiran

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

5.9
2023-02-14 CVE-2023-21693 Microsoft Unspecified vulnerability in Microsoft products

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

5.7
2023-02-14 CVE-2023-22940 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands.

5.7
2023-02-13 CVE-2022-34397 Dell Unspecified vulnerability in Dell products

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

5.7
2023-02-14 CVE-2023-21567 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Denial of Service Vulnerability

5.6
2023-02-19 CVE-2016-15024 Doomsider Shadow Project Unspecified vulnerability in Doomsider Shadow Project Doomsider Shadow

A vulnerability was found in doomsider shadow.

5.5
2023-02-18 CVE-2023-0909 Notepad Project Improper Resource Shutdown or Release vulnerability in Notepad-- Project Notepad-- 1.22

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22.

5.5
2023-02-18 CVE-2023-0907 Filseclab Improper Resource Shutdown or Release vulnerability in Filseclab Twister Antivirus 8.17

A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17.

5.5
2023-02-17 CVE-2021-32843 Mobyproject NULL Pointer Dereference vulnerability in Mobyproject Hyperkit

HyperKit is a toolkit for embedding hypervisor capabilities in an application.

5.5
2023-02-17 CVE-2021-32844 Mobyproject NULL Pointer Dereference vulnerability in Mobyproject Hyperkit

HyperKit is a toolkit for embedding hypervisor capabilities in an application.

5.5
2023-02-17 CVE-2023-0482 Redhat Unspecified vulnerability in Redhat Resteasy

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

5.5
2023-02-17 CVE-2023-21577 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-21578 Adobe Out-of-bounds Read vulnerability in Adobe Photoshop 23.0.0/23.1/23.3.2

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-21583 Adobe Out-of-bounds Read vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-21584 Adobe Use After Free vulnerability in Adobe Framemaker

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-21593 Adobe NULL Pointer Dereference vulnerability in Adobe Indesign 17.2.1/18.0/18.1

Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability.

5.5
2023-02-17 CVE-2023-21620 Adobe Out-of-bounds Read vulnerability in Adobe Framemaker

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-22231 Adobe Out-of-bounds Read vulnerability in Adobe Bridge 12.0.1

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-22233 Adobe Out-of-bounds Read vulnerability in Adobe After Effects 22.1.1/22.2.1

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-02-17 CVE-2023-24809 Nethack Classic Buffer Overflow vulnerability in Nethack

NetHack is a single player dungeon exploration game.

5.5
2023-02-17 CVE-2023-24785 Peazip Project Allocation of Resources Without Limits or Throttling vulnerability in Peazip Project Peazip 9.0.0

An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.

5.5
2023-02-17 CVE-2023-24964 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files.

5.5
2023-02-17 CVE-2023-23586 Linux Use After Free vulnerability in Linux Kernel

Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault.

5.5
2023-02-16 CVE-2021-33104 Intel Unspecified vulnerability in Intel ONE Boot Flash Update

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-29523 Open CAS Project Improper Check for Unusual or Exceptional Conditions vulnerability in Open CAS Project Open CAS

Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-31476 Intel Unspecified vulnerability in Intel System Usage Report

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-35883 Intel NULL Pointer Dereference vulnerability in Intel Media Software Development KIT

NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-36289 Intel Unspecified vulnerability in Intel Media Software Development KIT

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-36797 Vmware Unspecified vulnerability in VMWare Ixgben

Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-02-16 CVE-2022-41614 Intel Insufficiently Protected Credentials vulnerability in Intel on Event Series

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-02-16 CVE-2022-26509 Intel Improper Handling of Exceptional Conditions vulnerability in Intel SGX SDK

Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

5.5
2023-02-16 CVE-2022-26841 Intel Unspecified vulnerability in Intel SGX SDK

Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-02-16 CVE-2022-30531 Intel Out-of-bounds Read vulnerability in Intel Iris XE MAX Dedicated Graphics

Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.

5.5
2023-02-16 CVE-2023-24484 Citrix Unspecified vulnerability in Citrix Workspace 1912/2105/2203.1

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

5.5
2023-02-16 CVE-2023-25153 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Containerd

containerd is an open source container runtime.

5.5
2023-02-15 CVE-2022-45586 Xpdfreader Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.04

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.

5.5
2023-02-15 CVE-2022-45587 Xpdfreader Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.04

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.

5.5
2023-02-15 CVE-2022-45154 Opensuse Cleartext Storage of Sensitive Information vulnerability in Opensuse Supportutils 3.15.7.1

A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions.

5.5
2023-02-15 CVE-2023-20949 Google Out-of-bounds Write vulnerability in Google Android

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow.

5.5
2023-02-14 CVE-2023-21687 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

HTTP.sys Information Disclosure Vulnerability

5.5
2023-02-14 CVE-2023-21697 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

5.5
2023-02-14 CVE-2023-21714 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel

Microsoft Office Information Disclosure Vulnerability

5.5
2023-02-14 CVE-2023-22490 GIT SCM Link Following vulnerability in Git-Scm GIT

Git is a revision control system.

5.5
2023-02-13 CVE-2023-0795 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0796 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0797 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0798 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0799 Libtiff Use After Free vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0800 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0801 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0802 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0803 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0804 Libtiff Out-of-bounds Write vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-02-13 CVE-2023-0818 Gpac Off-by-one Error vulnerability in Gpac

Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.

5.5
2023-02-13 CVE-2023-24619 Redpanda Insufficiently Protected Credentials vulnerability in Redpanda

Redpanda before 22.3.12 discloses cleartext AWS credentials.

5.5
2023-02-13 CVE-2023-23948 Owncloud SQL Injection vulnerability in Owncloud

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders.

5.5
2023-02-18 CVE-2023-0902 Simple Food Ordering System Project Cross-site Scripting vulnerability in Simple Food Ordering System Project Simple Food Ordering System 1.0

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0.

5.4
2023-02-18 CVE-2022-40348 Intern Record System Project Cross-site Scripting vulnerability in Intern Record System Project Intern Record System 1.0

Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.

5.4
2023-02-17 CVE-2023-24769 Changedetection Cross-site Scripting vulnerability in Changedetection

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page.

5.4
2023-02-17 CVE-2022-43579 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting.

5.4
2023-02-17 CVE-2023-22868 IBM Cross-site Scripting vulnerability in IBM Aspera Faspex 4.4.1

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting.

5.4
2023-02-17 CVE-2023-24388 Wpdevart Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Booking Calendar

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).

5.4
2023-02-17 CVE-2023-0879 Btcpayserver Cross-site Scripting vulnerability in Btcpayserver Btcpay Server

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.

5.4
2023-02-16 CVE-2022-42472 Fortinet Injection vulnerability in Fortinet Fortios and Fortiproxy

A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.

5.4
2023-02-16 CVE-2023-22638 Fortinet Cross-site Scripting vulnerability in Fortinet Fortinac

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

5.4
2023-02-16 CVE-2023-23936 Nodejs Injection vulnerability in Nodejs Undici

Undici is an HTTP/1.1 client for Node.js.

5.4
2023-02-16 CVE-2021-40555 Flatcore Cross-site Scripting vulnerability in Flatcore 2.0.7

Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.

5.4
2023-02-15 CVE-2023-0840 Phpcrazy Project Cross-site Scripting vulnerability in PHPcrazy Project PHPcrazy 1.1.1

A vulnerability classified as problematic was found in PHPCrazy 1.1.1.

5.4
2023-02-15 CVE-2023-25761 Jenkins Cross-site Scripting vulnerability in Jenkins Junit

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

5.4
2023-02-15 CVE-2023-25762 Jenkins Cross-site Scripting vulnerability in Jenkins Pipeline: Build Step

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.

5.4
2023-02-15 CVE-2023-25763 Jenkins Cross-site Scripting vulnerability in Jenkins Email Extension

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.

5.4
2023-02-15 CVE-2023-25764 Jenkins Cross-site Scripting vulnerability in Jenkins Email Extension

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates.

5.4
2023-02-15 CVE-2022-47372 Pandorafms Cross-Site Request Forgery (CSRF) vulnerability in Pandorafms Pandora FMS

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower.

5.4
2023-02-14 CVE-2023-21570 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-02-14 CVE-2023-21571 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-02-14 CVE-2023-21573 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.1

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

5.4
2023-02-14 CVE-2023-25571 Linuxfoundation Cross-site Scripting vulnerability in Linuxfoundation products

Backstage is an open platform for building developer portals.

5.4
2023-02-14 CVE-2023-0827 Pimcore Cross-site Scripting vulnerability in Pimcore 1.4.3/1.4.9/1.5.0

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.

5.4
2023-02-14 CVE-2023-0024 SAP Cross-site Scripting vulnerability in SAP Solution Manager 720

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.

5.4
2023-02-14 CVE-2023-0025 SAP Cross-site Scripting vulnerability in SAP Solution Manager 720

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.

5.4
2023-02-14 CVE-2023-23851 SAP Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.

5.4
2023-02-14 CVE-2023-23854 SAP Missing Authorization vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.4
2023-02-14 CVE-2023-23855 SAP Open Redirect vulnerability in SAP Solution Manager 720

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation.

5.4
2023-02-14 CVE-2023-23856 SAP Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 430

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response.

5.4
2023-02-14 CVE-2023-24525 SAP Cross-site Scripting vulnerability in SAP products

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

5.4
2023-02-13 CVE-2023-25572 Marmelab Cross-site Scripting vulnerability in Marmelab Ra-Ui-Materialui and React-Admin

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs.

5.4
2023-02-13 CVE-2023-0810 Btcpayserver Cross-site Scripting vulnerability in Btcpayserver

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.

5.4
2023-02-13 CVE-2022-4448 Givewp Unspecified vulnerability in Givewp

The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4458 AMR Shortcode ANY Widget Project Unspecified vulnerability in AMR Shortcode ANY Widget Project AMR Shortcode ANY Widget

The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-13 CVE-2022-4471 Yarpp Unspecified vulnerability in Yarpp YET Another Related Posts Plugin

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4473 Widget Shortcode Project Unspecified vulnerability in Widget Shortcode Project Widget Shortcode

The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-13 CVE-2022-4488 Widgets ON Pages Project Unspecified vulnerability in Widgets on Pages Project Widgets on Pages

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-13 CVE-2022-4512 Better Font Awesome Project Unspecified vulnerability in Better Font Awesome Project Better Font Awesome

The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2022-4551 Croover Unspecified vulnerability in Croover Rich Table of Contents

The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4562 Mekshq Unspecified vulnerability in Mekshq Meks Flexible Shortcodes

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-13 CVE-2022-4580 Twenty20 Project Unspecified vulnerability in Twenty20 Project Twenty20 1.5.9

The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4628 Wpplugin Unspecified vulnerability in Wpplugin Easy Paypal BUY NOW Button

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4656 Plugins Market Cross-site Scripting vulnerability in Plugins-Market WP Visitor Statistics

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4
2023-02-13 CVE-2022-4678 Templatesnext Unspecified vulnerability in Templatesnext Toolkit

The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2022-4682 Wpgogo Unspecified vulnerability in Wpgogo Lightbox-Gallery

The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4759 Liquidweb Unspecified vulnerability in Liquidweb Gigpress

The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4783 Youtube Channel Gallery Project Unspecified vulnerability in Youtube Channel Gallery Project Youtube Channel Gallery

The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-4830 Strangerstudios Cross-site Scripting vulnerability in Strangerstudios Paid Memberships PRO

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-13 CVE-2023-0034 Crocoblock Unspecified vulnerability in Crocoblock Jetwidgets for Elementor

The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2023-0060 Responsive Gallery Grid Project Unspecified vulnerability in Responsive Gallery Grid Project Responsive Gallery Grid

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0061 Judge Unspecified vulnerability in Judge Product Reviews for Woocommerce

The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0075 Amazonjs Project Unspecified vulnerability in Amazonjs Project Amazonjs 0.10

The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0151 Utubevideo Gallery Project Cross-site Scripting vulnerability in Utubevideo Gallery Project Utubevideo Gallery

The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0166 Pickplugins Unspecified vulnerability in Pickplugins Product Slider for Woocommerce

The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0169 Zohocorp Unspecified vulnerability in Zohocorp Zoho Forms

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0177 Wpdevart Unspecified vulnerability in Wpdevart Social Like BOX and Page

The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0270 Yamaps Project Unspecified vulnerability in Yamaps Project Yamaps

The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0275 Tipsandtricks HQ Unspecified vulnerability in Tipsandtricks-Hq Easy Accept Payments for Paypal

The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0333 Templatesnext Unspecified vulnerability in Templatesnext Toolkit

The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2023-0360 Shapedplugin Unspecified vulnerability in Shapedplugin Location Weather

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0362 Themify Unspecified vulnerability in Themify Portfolio Post

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-13 CVE-2023-0373 Smartwp Cross-site Scripting vulnerability in Smartwp Lightweight Accordion

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2023-0379 Rebelcode Unspecified vulnerability in Rebelcode Spotlight Social Feeds

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-02-13 CVE-2022-45724 Comfast Improper Authentication vulnerability in Comfast Cf-Wr610N Firmware 2.3.1

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.

5.4
2023-02-13 CVE-2023-25727 Phpmyadmin Cross-site Scripting vulnerability in PHPmyadmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

5.4
2023-02-19 CVE-2023-0914 Pixelfed Unspecified vulnerability in Pixelfed

Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.

5.3
2023-02-18 CVE-2023-0901 Pixelfed Unspecified vulnerability in Pixelfed

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.

5.3
2023-02-17 CVE-2023-22232 Adobe Improper Access Control vulnerability in Adobe Connect

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

5.3
2023-02-17 CVE-2021-32419 Schismtracker Out-of-bounds Write vulnerability in Schismtracker Schism Tracker

An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.

5.3
2023-02-16 CVE-2022-38056 Intel Unspecified vulnerability in Intel Endpoint Management Assistant

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.

5.3
2023-02-16 CVE-2023-23752 Joomla Unspecified vulnerability in Joomla Joomla!

An issue was discovered in Joomla! 4.0.0 through 4.2.7.

5.3
2023-02-16 CVE-2022-27891 Palantir Missing Authentication for Critical Function vulnerability in Palantir Gotham

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session.

5.3
2023-02-15 CVE-2023-25192 AMI Exposure of Resource to Wrong Sphere vulnerability in AMI Megarac Sp-X 12/13

AMI MegaRAC SPX devices allow User Enumeration through Redfish.

5.3
2023-02-14 CVE-2023-21699 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

5.3
2023-02-14 CVE-2023-21720 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Tampering Vulnerability

5.3
2023-02-14 CVE-2023-22943 Splunk Improper Certificate Validation vulnerability in Splunk products

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.

5.3
2023-02-14 CVE-2023-0655 Sonicwall Information Exposure Through an Error Message vulnerability in Sonicwall Email Security 10.0.9

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.

5.3
2023-02-13 CVE-2023-25160 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail

Nextcloud Mail is an email app for the Nextcloud home server platform.

5.3
2023-02-13 CVE-2023-25161 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.

5.3
2023-02-13 CVE-2023-25162 Nextcloud Server-Side Request Forgery (SSRF) vulnerability in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.

5.3
2023-02-13 CVE-2023-25159 Nextcloud Unspecified vulnerability in Nextcloud Server and Richdocuments

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform.

5.3
2023-02-13 CVE-2022-3891 Pixelite Unspecified vulnerability in Pixelite WP Fullcalendar

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.

5.3
2023-02-14 CVE-2023-22370 Planex Cross-site Scripting vulnerability in Planex Cs-Wmv02G

Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script.

5.2
2023-02-14 CVE-2023-21715 Microsoft Incorrect Authorization vulnerability in Microsoft 365 Apps

Microsoft Publisher Security Features Bypass Vulnerability

5.0
2023-02-14 CVE-2023-21722 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET Framework Denial of Service Vulnerability

5.0
2023-02-17 CVE-2023-0895 WOW Company Unspecified vulnerability in Wow-Company WP Coder

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

4.9
2023-02-16 CVE-2022-44299 Sscms Path Traversal vulnerability in Sscms Siteserver CMS 7.1.3

SiteServerCMS 7.1.3 sscms has a file read vulnerability.

4.9
2023-02-16 CVE-2022-29493 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Baseboard Management Controller Firmware 2.18/2.48.Ce3E3Bd2

Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.

4.9
2023-02-15 CVE-2022-45436 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS).

4.8
2023-02-15 CVE-2022-45437 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS 765

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS).

4.8
2023-02-15 CVE-2023-24499 Butterfly Button Project Unspecified vulnerability in Butterfly-Button Project Butterfly-Button

Butterfly Button plugin may leave traces of its use on user's device.

4.6
2023-02-16 CVE-2022-33972 Intel Incorrect Calculation vulnerability in Intel products

Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-02-16 CVE-2022-36382 Intel Out-of-bounds Write vulnerability in Intel products

Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-02-16 CVE-2022-38090 Intel Unspecified vulnerability in Intel products

Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-02-16 CVE-2022-30339 Intel Out-of-bounds Read vulnerability in Intel Integrated Sensor Solution

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-02-16 CVE-2022-34849 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Iris XE MAX Dedicated Graphics

Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-02-16 CVE-2022-36794 Intel Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Server Platform Services

Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-02-13 CVE-2023-24804 Owncloud Path Traversal vulnerability in Owncloud

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders.

4.4
2023-02-17 CVE-2023-23899 Hasthemes Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Extensions for CF7

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.

4.3
2023-02-17 CVE-2023-0880 Phpmyfaq Misinterpretation of Input vulnerability in PHPmyfaq

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

4.3
2023-02-16 CVE-2022-36287 Intel Improper Handling of Exceptional Conditions vulnerability in Intel Field Programmable Gate Array Crypto Service Server

Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.

4.3
2023-02-16 CVE-2021-43074 Fortinet Improper Verification of Cryptographic Signature vulnerability in Fortinet products

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

4.3
2023-02-16 CVE-2022-30299 Fortinet Path Traversal vulnerability in Fortinet Fortiweb

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

4.3
2023-02-16 CVE-2022-38731 Qaelum Path Traversal vulnerability in Qaelum Dose

Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter.

4.3
2023-02-15 CVE-2023-23848 Jenkins Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

4.3
2023-02-15 CVE-2023-23850 Jenkins Incorrect Default Permissions vulnerability in Jenkins Synopsys Coverity

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-02-15 CVE-2023-22805 LS Electric Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature.

4.3
2023-02-15 CVE-2023-25766 Jenkins Missing Authorization vulnerability in Jenkins Azure Credentials

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2023-02-14 CVE-2023-21794 Microsoft Authentication Bypass by Spoofing vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3
2023-02-14 CVE-2023-22931 Splunk Incorrect Default Permissions vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions.

4.3
2023-02-14 CVE-2023-22937 Splunk Unrestricted Upload of File with Dangerous Type vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions.

4.3
2023-02-14 CVE-2023-22938 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance.

4.3
2023-02-14 CVE-2023-22942 Splunk Cross-Site Request Forgery (CSRF) vulnerability in Splunk

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.

4.3
2023-02-13 CVE-2023-0405 Gptaipower Unspecified vulnerability in Gptaipower GPT AI Power

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

4.3
2023-02-14 CVE-2023-25758 Onekey Unspecified vulnerability in Onekey Mini Firmware and Onekey Touch Firmware

Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase.

4.2
2023-02-16 CVE-2022-26888 Intel Cross-site Scripting vulnerability in Intel Quartus Prime

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

4.1

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-02-16 CVE-2022-48307 Palantir Improper Certificate Validation vulnerability in Palantir Magritte-Ftp

It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.

3.7
2023-02-16 CVE-2022-48308 Palantir Improper Certificate Validation vulnerability in Palantir Sls-Logging

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API.

3.7
2023-02-19 CVE-2023-0919 Kavitareader Missing Authentication for Critical Function vulnerability in Kavitareader Kavita

Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.

3.5
2023-02-15 CVE-2023-23847 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Synopsys Coverity

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

3.5
2023-02-14 CVE-2023-23934 Palletsprojects Improper Input Validation vulnerability in Palletsprojects Werkzeug

Werkzeug is a comprehensive WSGI web application library.

3.5
2023-02-16 CVE-2022-29054 Fortinet Unspecified vulnerability in Fortinet Fortios and Fortiproxy

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.

3.3
2023-02-14 CVE-2023-24565 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

3.3
2023-02-14 CVE-2023-24566 Siemens Stack-based Buffer Overflow vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

3.3
2023-02-13 CVE-2023-23697 Dell Link Following vulnerability in Dell Command | Intel Vpro OUT of Band

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation.

3.3
2023-02-13 CVE-2023-24572 Dell Link Following vulnerability in Dell Command | Integration Suite for System Center 6.2.0

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation.

3.3