Vulnerability Summary for the Week of January 9, 2023

Released
Jan 16, 2023
Document ID
SB23-016

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
web-cyradm_project -- web-cyradmA vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.2023-01-089.8CVE-2007-10002
MISC
MISC
MISC
eshop_project -- eshopA vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572.2023-01-069.8CVE-2013-10008
MISC
MISC
MISC
pychao_project -- pychaoA vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The name of the patch is 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2013-10009
MISC
MISC
MISC
MISC
paginationserviceprovider_project -- paginationserviceproviderA vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2014-125029
MISC
MISC
MISC
MISC
cub-scout-tracker_project -- cub-scout-trackerA vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551.2023-01-069.8CVE-2014-125046
MISC
MISC
MISC
school-store_project -- school-storeA vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability.2023-01-069.8CVE-2014-125047
MISC
MISC
MISC
blogile_project -- blogile** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-01-069.8CVE-2014-125049
MISC
MISC
MISC
voter-js_project -- voter-jsA vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.2023-01-069.8CVE-2014-125050
MISC
MISC
MISC
MISC
yii2-jqgrid-widget_project -- yii2-jqgrid-widgetA vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564.2023-01-069.8CVE-2014-125051
MISC
MISC
MISC
MISC
sparql-identifiers_project -- sparql-identifiersA vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.2023-01-069.8CVE-2014-125052
MISC
MISC
MISC
piwigo -- guestbookA vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability.2023-01-069.8CVE-2014-125053
MISC
MISC
MISC
MISC
robitailletheknot_project -- robitailletheknotA vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599.2023-01-079.8CVE-2014-125057
MISC
MISC
MISC
address_book_project -- address_bookA vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code.2023-01-079.8CVE-2014-125058
MISC
MISC
MISC
sternenblog_project -- sternenblogA vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers.2023-01-079.8CVE-2014-125059
MISC
MISC
MISC
MISC
collabcal_project -- collabcalA vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2014-125060
MISC
MISC
MISC
filebroker_project -- filebroker** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-01-079.8CVE-2014-125061
MISC
MISC
MISC
bitstorm_project -- bitstormA vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability.2023-01-079.8CVE-2014-125062
MISC
MISC
MISC
bid_project -- bidA vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.2023-01-079.8CVE-2014-125063
MISC
MISC
MISC
gosqljson_project -- gosqljsonA vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631.2023-01-079.8CVE-2014-125064
MISC
MISC
MISC
bottle-auth_project -- bottle-authA vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632.2023-01-079.8CVE-2014-125065
MISC
MISC
MISC
curiosity_project -- curiosityA vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639.2023-01-089.8CVE-2014-125067
MISC
MISC
MISC
gribbit_project -- gribbitA vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.2023-01-099.8CVE-2014-125071
MISC
MISC
MISC
voteapp_project -- voteappA vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability.2023-01-109.8CVE-2014-125073
MISC
MISC
MISC
opensim-utils_project -- opensim-utilsA vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability.2023-01-069.8CVE-2015-10016
MISC
MISC
MISC
hpi -- prolodA vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552.2023-01-069.8CVE-2015-10017
MISC
MISC
MISC
weberp -- d2filesA vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability.2023-01-069.8CVE-2015-10018
MISC
MISC
MISC
MISC
nlgis2_project -- nlgis2A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The name of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability.2023-01-079.8CVE-2015-10022
MISC
MISC
MISC
trello-octometric_project -- trello-octometricA vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The name of the patch is a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611.2023-01-079.8CVE-2015-10023
MISC
MISC
MISC
larasync_project -- larasyncA vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612.2023-01-079.8CVE-2015-10024
MISC
MISC
MISC
flairbot_project -- flairbotA vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The name of the patch is 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2015-10026
MISC
MISC
MISC
ttrrs-auth-ldap_project -- ttrrs-auth-ldapA vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2015-10027
MISC
MISC
MISC
MISC
MISC
simplexrd_project -- simplexrdA vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2015-10029
MISC
MISC
MISC
MISC
github -- 491-projectA vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648.2023-01-089.8CVE-2015-10031
MISC
MISC
MISC
workout-organizer_project -- workout-organizerA vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability.2023-01-099.8CVE-2015-10034
MISC
MISC
MISC
angular-test-reporter_project -- angular-test-reporterA vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715.2023-01-099.8CVE-2015-10035
MISC
MISC
MISC
e-contract -- dsspA vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability.2023-01-069.8CVE-2016-15011
MISC
MISC
MISC
MISC
salesforce -- mobile_software_development_kit** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-01-079.8CVE-2016-15012
MISC
MISC
MISC
MISC
forumhulp -- search_resultsA vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.2023-01-079.8CVE-2016-15013
MISC
MISC
MISC
MISC
joomla_mod_einsatz_stats_project -- joomla_mod_einsatz_statsA vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The name of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability.2023-01-089.8CVE-2016-15016
MISC
MISC
MISC
MISC
ecodev -- media_uploadA vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.2023-01-109.8CVE-2016-15017
MISC
MISC
MISC
MISC
MISC
ecto_project -- ectoEcto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.2023-01-109.8CVE-2017-20166
MISC
MISC
MISC
MISC
nodebatis_project -- nodebatisA vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability.2023-01-069.8CVE-2018-25066
MISC
MISC
MISC
MISC
globalpom-utils_project -- globalpom-utilsA vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.2023-01-069.8CVE-2018-25068
MISC
MISC
MISC
MISC
netis-systems -- netcore_router_firmwareA vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability.2023-01-079.8CVE-2018-25069
MISC
MISC
MISC
aista -- phosphorus_fiveA vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2018-25070
MISC
MISC
MISC
MISC
lmeve_project -- lmeveA vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2018-25071
MISC
MISC
MISC
MISC
lojban -- jbovlasteA vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647.2023-01-089.8CVE-2018-25072
MISC
MISC
MISC
twmap_project -- twmapA vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability.2023-01-089.8CVE-2019-25100
MISC
MISC
MISC
MISC
MISC
jobe_project -- jobeA vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.2023-01-069.8CVE-2020-36642
MISC
MISC
MISC
MISC
MISC
uqm-wasm_project -- uqm-wasmA vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563.2023-01-069.8CVE-2020-36643
MISC
MISC
MISC
square -- squalorA vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.2023-01-079.8CVE-2020-36645
MISC
MISC
MISC
MISC
MISC
pouet -- pouet2.0A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability.2023-01-089.8CVE-2020-36648
MISC
MISC
MISC
phpwcms -- phpwcmsA vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2021-4301
MISC
MISC
MISC
MISC
baobab_project -- baobabA vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.2023-01-079.8CVE-2021-4307
MISC
MISC
MISC
MISC
MISC
lboro -- webpaA vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The name of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability.2023-01-089.8CVE-2021-4308
MISC
MISC
MISC
MISC
MISC
talend -- open_studioA vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability.2023-01-099.8CVE-2021-4311
MISC
MISC
MISC
MISC
jfrog -- artifactoryJFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.2023-01-089.8CVE-2022-0668
MISC
event_management_system_project -- event_management_systemA vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability.2023-01-079.8CVE-2022-1101
MISC
MISC
wifey_project -- wifeyAll versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.2023-01-099.8CVE-2022-25890
MISC
exec-local-bin_project -- exec-local-binVersions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.2023-01-069.8CVE-2022-25923
MISC
MISC
MISC
loan_management_system_project -- loan_management_systemA vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability.2023-01-079.8CVE-2022-2666
MISC
MISC
MISC
qualcomm -- qca7500_firmwareMemory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.2023-01-099.8CVE-2022-33265
MISC
gullseye -- gullseye_terminal_operating_systemThis issue affects: Terminal Operating System versions before 5.0.132023-01-109.8CVE-2022-3792
CONFIRM
CONFIRM
CONFIRM
zte -- mf286r_firmwareThere is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.2023-01-069.8CVE-2022-39073
MISC
openvswitch -- openvswitchAn out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.2023-01-109.8CVE-2022-4337
MISC
MISC
MISC
DEBIAN
openvswitch -- openvswitchAn integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.2023-01-109.8CVE-2022-4338
MISC
MISC
MISC
DEBIAN
siemens -- automation_license_managerA vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution.2023-01-109.8CVE-2022-43514
MISC
matrixssl -- matrixsslMatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.2023-01-099.8CVE-2022-43974
CONFIRM
CONFIRM
MISC
bulutses -- bulutdesk_callcenterThis issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.2023-01-109.8CVE-2022-4422
CONFIRM
dynamic_transaction_queuing_system_project -- dynamic_transaction_queuing_systemSourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.2023-01-099.8CVE-2022-47790
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.2023-01-119.8CVE-2022-47859
MISC
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.2023-01-119.8CVE-2022-47860
MISC
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.2023-01-119.8CVE-2022-47861
MISC
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.2023-01-119.8CVE-2022-47862
MISC
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.2023-01-119.8CVE-2022-47864
MISC
MISC
lead_management_system_project -- lead_management_systemLead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.2023-01-119.8CVE-2022-47865
MISC
MISC
lead_management_system_project -- lead_management_systemLead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.2023-01-119.8CVE-2022-47866
MISC
MISC
openutau -- openutauA vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The name of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.2023-01-079.8CVE-2022-4880
MISC
MISC
MISC
MISC
MISC
sap -- netweaver_application_server_abapSAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.2023-01-109.8CVE-2023-0014
MISC
MISC
sap -- netweaver_application_server_for_javaAn unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.2023-01-109.8CVE-2023-0017
MISC
MISC
nsa -- ghidraGhidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.2023-01-069.8CVE-2023-22671
MISC
MISC
librephotos_project -- librephotosapi/views/user.py in LibrePhotos before e19e539 has incorrect access control.2023-01-109.8CVE-2023-22903
MISC
linux -- linux_kernelA regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a2023-01-098.8CVE-2022-2196
MISC
MISC
qualcomm -- apq8009_firmwareMemory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote2023-01-098.8CVE-2022-22088
MISC
nokia -- asik_airscale_474021a.102_firmwareA vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.2023-01-068.8CVE-2022-2482
MISC
bravenewcode -- wptouchThe WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog.2023-01-098.8CVE-2022-3417
MISC
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.2023-01-098.8CVE-2022-35281
MISC
MISC
kadencewp -- starter_templatesThe Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.2023-01-098.8CVE-2022-3679
MISC
easyvista -- service_managerAn issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection.2023-01-108.8CVE-2022-38490
MISC
easyvista -- service_managerAn issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 before 2022.1.110.1.02. One parameter allows SQL injection.2023-01-108.8CVE-2022-38492
MISC
rydesharing -- rydeInformation disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link.2023-01-068.8CVE-2022-42979
MISC
nexxtsolutions -- amp300_firmwareThe web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.2023-01-068.8CVE-2022-44149
MISC
MISC
MISC
siemens -- sinec_insA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.2023-01-108.8CVE-2022-45092
MISC
siemens -- sinec_insA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.2023-01-108.8CVE-2022-45093
MISC
siemens -- sinec_insA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.2023-01-108.8CVE-2022-45094
MISC
72crm -- wukong_crm72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2023-01-108.8CVE-2022-46610
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.2023-01-108.8CVE-2022-4700
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site.2023-01-108.8CVE-2022-4701
MISC
MISC
MISC
spitfire_project -- spitfireSpitfire CMS 1.0.475 is vulnerable to PHP Object Injection.2023-01-108.8CVE-2022-47083
MISC
google -- chromeUse after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-01-108.8CVE-2023-0128
MISC
MISC
google -- chromeHeap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)2023-01-108.8CVE-2023-0129
MISC
MISC
google -- chromeUse after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)2023-01-108.8CVE-2023-0134
MISC
MISC
google -- chromeUse after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)2023-01-108.8CVE-2023-0135
MISC
MISC
google -- chromeInappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)2023-01-108.8CVE-2023-0136
MISC
MISC
google -- chromeHeap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-01-108.8CVE-2023-0137
MISC
MISC
google -- chromeHeap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)2023-01-108.8CVE-2023-0138
MISC
MISC
N/A -- N/A
 
Windows SMB Witness Service Elevation of Privilege Vulnerability.2023-01-108.8CVE-2023-21549
MISC
N/A -- N/A
 
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21730.2023-01-108.8CVE-2023-21561
MISC
N/A -- N/A
 
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.2023-01-108.8CVE-2023-21674
MISC
N/A -- N/A
 
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.2023-01-108.8CVE-2023-21676
MISC
N/A -- N/A
 
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability.2023-01-108.8CVE-2023-21681
MISC
N/A -- N/A
 
Microsoft ODBC Driver Remote Code Execution Vulnerability.2023-01-108.8CVE-2023-21732
MISC
N/A -- N/A
 
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21744.2023-01-108.8CVE-2023-21742
MISC
N/A -- N/A
 
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21742.2023-01-108.8CVE-2023-21744
MISC
nextcloud -- desktopDeck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.2023-01-098.8CVE-2023-22472
MISC
MISC
asus -- rt-ax82u_firmwareAn authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.2023-01-108.1CVE-2022-35401
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.2023-01-108.1CVE-2022-4703
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.2023-01-108.1CVE-2022-4704
MISC
MISC
MISC
N/A -- N/A
 
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548.2023-01-108.1CVE-2023-21535
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21546, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679.2023-01-108.1CVE-2023-21543
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679.2023-01-108.1CVE-2023-21546
MISC
N/A -- N/A
 
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21535.2023-01-108.1CVE-2023-21548
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21556, CVE-2023-21679.2023-01-108.1CVE-2023-21555
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21679.2023-01-108.1CVE-2023-21556
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556.2023-01-108.1CVE-2023-21679
MISC
N/A -- N/A
 
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21762.2023-01-108CVE-2023-21745
MISC
N/A -- N/A
 
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21745.2023-01-108CVE-2023-21762
MISC
klattr_project -- klattrA vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.2023-01-097.8CVE-2014-125072
MISC
MISC
MISC
weave -- weave_gitopsWeave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works)2023-01-097.8CVE-2022-23508
MISC
MISC
MISC
nokia -- asik_airscale_474021a.101_firmwareThe signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.2023-01-067.8CVE-2022-2484
MISC
qualcomm -- aqt1000_firmwareMemory corruption in display driver due to incorrect type casting while accessing the fence structure fields2023-01-097.8CVE-2022-25715
MISC
qualcomm -- apq8096au_firmwareMemory corruption in display due to double free while allocating frame buffer memory2023-01-097.8CVE-2022-25717
MISC
qualcomm -- aqt1000_firmwareMemory corruption in video driver due to type confusion error during video playback2023-01-097.8CVE-2022-25721
MISC
qualcomm -- aqt1000_firmwareMemory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.2023-01-097.8CVE-2022-25746
MISC
qualcomm -- apq8064au_firmwareMemory corruption in Automotive due to improper input validation.2023-01-097.8CVE-2022-33218
MISC
qualcomm -- apq8064au_firmwareMemory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.2023-01-097.8CVE-2022-33219
MISC
qualcomm -- apq8009_firmwareMemory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.2023-01-097.8CVE-2022-33266
MISC
qualcomm -- qam8295p_firmwareMemory corruption in android core due to improper validation of array index while returning feature ids after license authentication.2023-01-097.8CVE-2022-33274
MISC
qualcomm -- ar8035_firmwareMemory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.2023-01-097.8CVE-2022-33276
MISC
qualcomm -- qam8295p_firmwareMemory corruption in Automotive Android OS due to improper input validation.2023-01-097.8CVE-2022-33300
MISC
zebra -- enterprise_home_screenAn issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.2023-01-107.8CVE-2022-36443
MISC
MISC
zoom -- roomsZoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.2023-01-097.8CVE-2022-36925
MISC
zoom -- roomsZoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.2023-01-097.8CVE-2022-36926
MISC
zoom -- roomsZoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.2023-01-097.8CVE-2022-36927
MISC
zoom -- roomsThe Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.2023-01-097.8CVE-2022-36929
MISC
zoom -- roomsZoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.2023-01-097.8CVE-2022-36930
MISC
bentley -- microstation_connectBentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.2023-01-067.8CVE-2022-40201
MISC
qualcomm -- aqt1000_firmwareMemory corruption in Core due to stack-based buffer overflow.2023-01-097.8CVE-2022-40516
MISC
qualcomm -- aqt1000_firmwareMemory corruption in core due to stack-based buffer overflow2023-01-097.8CVE-2022-40517
MISC
qualcomm -- apq8064au_firmwareMemory corruption due to stack-based buffer overflow in Core2023-01-097.8CVE-2022-40520
MISC
bentley -- microstation_connectBentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.2023-01-067.8CVE-2022-41613
MISC
avira -- avira_securityNorton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.2023-01-107.8CVE-2022-4294
MISC
openharmony -- openharmonyKernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.2023-01-097.8CVE-2022-43662
MISC
echatserver -- easy_chat_serverEfs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.2023-01-067.8CVE-2022-44939
MISC
openharmony -- openharmonyKernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.2023-01-097.8CVE-2022-45126
MISC
openharmony -- openharmonysoftbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.2023-01-097.8CVE-2023-0035
MISC
openharmony -- openharmonyplatform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.2023-01-097.8CVE-2023-0036
MISC
N/A -- N/A
 
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21524
MISC
N/A -- N/A
 
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21537
MISC
microsoft -- windows_server_2008Windows Task Scheduler Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21541
MISC
N/A -- N/A
 
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21561, CVE-2023-21730.2023-01-107.8CVE-2023-21551
MISC
N/A -- N/A
 
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21532.2023-01-107.8CVE-2023-21552
MISC
N/A -- N/A
 
Windows Error Reporting Service Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21558
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21587
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21588
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21589
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21590
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21594
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21595
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21596
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-137.8CVE-2023-21597
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21675
MISC
N/A -- N/A
 
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21760, CVE-2023-21765.2023-01-107.8CVE-2023-21678
MISC
N/A -- N/A
 
Windows Win32k Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21680
MISC
N/A -- N/A
 
Microsoft DWM Core Library Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21724
MISC
N/A -- N/A
 
Windows Credential Manager User Interface Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21726
MISC
N/A -- N/A
 
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21561.2023-01-107.8CVE-2023-21730
MISC
N/A -- N/A
 
Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21735.2023-01-107.8CVE-2023-21734
MISC
N/A -- N/A
 
Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21734.2023-01-107.8CVE-2023-21735
MISC
N/A -- N/A
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21737, CVE-2023-21738.2023-01-107.8CVE-2023-21736
MISC
N/A -- N/A
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21736, CVE-2023-21738.2023-01-107.8CVE-2023-21737
MISC
N/A -- N/A
 
Windows NTLM Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21746
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21747
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21748
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21749
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21754
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21755
MISC
N/A -- N/A
 
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21764.2023-01-107.8CVE-2023-21763
MISC
N/A -- N/A
 
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.2023-01-107.8CVE-2023-21764
MISC
N/A -- N/A
 
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21760.2023-01-107.8CVE-2023-21765
MISC
N/A -- N/A
 
Windows Overlay Filter Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21767
MISC
N/A -- N/A
 
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.2023-01-107.8CVE-2023-21768
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21773, CVE-2023-21774.2023-01-107.8CVE-2023-21772
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21774.2023-01-107.8CVE-2023-21773
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773.2023-01-107.8CVE-2023-21774
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21780
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21781
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21782
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21783
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21784
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21785
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21786
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21787
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21788
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21789
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21790
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21792, CVE-2023-21793.2023-01-107.8CVE-2023-21791
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793.2023-01-107.8CVE-2023-21792
MISC
microsoft -- 3d_builder3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792.2023-01-107.8CVE-2023-21793
MISC
yuko-bot_project -- yuko-botA vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636.2023-01-087.5CVE-2014-125066
MISC
MISC
MISC
miniconf_project -- miniconfA vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The name of the patch is c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615.2023-01-077.5CVE-2015-10025
MISC
MISC
MISC
debug_project -- debugA vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.2023-01-097.5CVE-2017-20165
MISC
MISC
MISC
MISC
MISC
mediaarea -- zenlibA vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.2023-01-077.5CVE-2020-36646
MISC
MISC
MISC
MISC
MISC
terminal-kit_project -- terminal-kitA vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620.2023-01-077.5CVE-2021-4306
MISC
MISC
MISC
MISC
huawei -- emuiThe HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.2023-01-067.5CVE-2021-46867
MISC
MISC
huawei -- emuiThe HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.2023-01-067.5CVE-2021-46868
MISC
MISC
qualcomm -- apq8017_firmwareTransient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.2023-01-097.5CVE-2022-33290
MISC
qualcomm -- apq8017_firmwareTransient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.2023-01-097.5CVE-2022-33299
MISC
asus -- rt-ax82u_firmwareAn information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.2023-01-107.5CVE-2022-38105
MISC
asus -- rt-ax82u_firmwareA denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.2023-01-107.5CVE-2022-38393
MISC
easyvista -- service_managerAn issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks.2023-01-107.5CVE-2022-38491
MISC
theme_park_ticketing_system_project -- theme_park_ticketing_systemSQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.2023-01-067.5CVE-2022-40049
MISC
siemens -- automation_license_managerA vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.2023-01-107.5CVE-2022-43513
MISC
linux -- linux_kernelA use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial2023-01-107.5CVE-2022-4379
MISC
MISC
MISC
FEDORA
FEDORA
linksys -- wrt54gl_firmwareA null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action.2023-01-097.5CVE-2022-43972
CONFIRM
CONFIRM
CONFIRM
musicpd -- music_player_daemonAn issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.2023-01-107.5CVE-2022-46449
MISC
huawei -- emuiThe system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.2023-01-067.5CVE-2022-46761
MISC
MISC
huawei -- emuiThe memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.2023-01-067.5CVE-2022-46762
MISC
MISC
huawei -- emuiThe DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.2023-01-067.5CVE-2022-47975
MISC
MISC
huawei -- emuiThe DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.2023-01-067.5CVE-2022-47976
MISC
MISC
forged_alliance_forever_project -- forged_alliance_foreverA vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The name of the patch is 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555.2023-01-067.5CVE-2022-4879
MISC
MISC
MISC
MISC
MISC
netis-systems -- netcore_router_firmwareA vulnerability was found in Netis Netcore Router. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591.2023-01-077.5CVE-2023-0113
MISC
MISC
N/A -- N/A
 
Windows iSCSI Service Denial of Service Vulnerability.2023-01-107.5CVE-2023-21527
MISC
N/A -- N/A
 
.NET Denial of Service Vulnerability.2023-01-107.5CVE-2023-21538
MISC
microsoft -- windows_server_2022Windows Authentication Remote Code Execution Vulnerability.2023-01-107.5CVE-2023-21539
MISC
N/A -- N/A
 
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.2023-01-107.5CVE-2023-21547
MISC
N/A -- N/A
 
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability.2023-01-107.5CVE-2023-21557
MISC
N/A -- N/A
 
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21683, CVE-2023-21758.2023-01-107.5CVE-2023-21677
MISC
N/A -- N/A
 
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21758.2023-01-107.5CVE-2023-21683
MISC
N/A -- N/A
 
Windows Netlogon Denial of Service Vulnerability.2023-01-107.5CVE-2023-21728
MISC
N/A -- N/A
 
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability.2023-01-107.5CVE-2023-21757
MISC
N/A -- N/A
 
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21683.2023-01-107.5CVE-2023-21758
MISC
N/A -- N/A
 
Microsoft Exchange Server Information Disclosure Vulnerability.2023-01-107.5CVE-2023-21761
MISC
openam -- openamOpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.2023-01-107.5CVE-2023-22320
JVN
CONFIRM
N/A -- N/A
 
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.2023-01-137.5CVE-2023-22391
CONFIRM
N/A -- N/A
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.2023-01-137.5CVE-2023-22393
CONFIRM
N/A -- N/A
 
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1.2023-01-137.5CVE-2023-22394
CONFIRM
N/A -- N/A
 
An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the 'show system buffers' command. For example: user@junos> show system buffers | refresh 5 4054/566/4620 mbufs in use (current/cache/total) ... 4089/531/4620 mbufs in use (current/cache/total) ... 4151/589/4740 mbufs in use (current/cache/total) ... 4213/527/4740 mbufs in use (current/cache/total) This issue affects Juniper Networks Junos OS: 12.3 version 12.3R12-S19 and later versions; 15.1 version 15.1R7-S10 and later versions; 17.3 version 17.3R3-S12 and later versions; 18.4 version 18.4R3-S9 and later versions; 19.1 version 19.1R3-S7 and later versions; 19.2 version 19.2R3-S3 and later versions; 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7; 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10; 20.1 version 20.1R3-S1 and later versions; 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6; 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5; 21.1 version 21.1R2 and later versions prior to 21.1R3-S4; 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.2023-01-137.5CVE-2023-22396
CONFIRM
N/A -- N/A
 
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2.2023-01-137.5CVE-2023-22399
CONFIRM
MISC
N/A -- N/A
 
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO.2023-01-137.5CVE-2023-22400
CONFIRM
N/A -- N/A
 
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.2023-01-137.5CVE-2023-22401
CONFIRM
N/A -- N/A
 
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.2023-01-137.5CVE-2023-22403
CONFIRM
N/A -- N/A
 
An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process it which will lead to an FPC crash and restart. Continued receipt of these specific packets will lead to a sustained Denial of Service. This issue can only occur when both below mentioned conditions are fulfilled: 1. Call distribution needs to be enabled: [security alg sip enable-call-distribution] 2. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX, and MX with SPC3 use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX 5000 Series: 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.2023-01-137.5CVE-2023-22408
CONFIRM
N/A -- N/A
 
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions.2023-01-137.5CVE-2023-22410
CONFIRM
N/A -- N/A
 
An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.2023-01-137.5CVE-2023-22411
CONFIRM
N/A -- N/A
 
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series.2023-01-137.5CVE-2023-22412
CONFIRM
N/A -- N/A
 
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2.2023-01-137.5CVE-2023-22413
CONFIRM
N/A -- N/A
 
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.2023-01-137.5CVE-2023-22415
CONFIRM
N/A -- N/A
 
A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.2023-01-137.5CVE-2023-22416
CONFIRM
N/A -- N/A
 
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.2023-01-137.5CVE-2023-22417
CONFIRM
mercurius_project -- mercuriusMercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions.2023-01-097.5CVE-2023-22477
MISC
MISC
MISC
bzip2_project -- bzip2The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.2023-01-107.5CVE-2023-22895
MISC
MISC
N/A -- N/A
 
Visual Studio Code Remote Code Execution.2023-01-107.3CVE-2023-21779
MISC
joomgallery_project -- joomgalleryA vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.2023-01-067.2CVE-2018-25067
MISC
MISC
MISC
MISC
MISC
bravenewcode -- wptouchThe WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)2023-01-097.2CVE-2022-3416
MISC
wp_custom_admin_interface_project -- wp_custom_admin_interfaceThe WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.2023-01-097.2CVE-2022-4043
MISC
linksys -- wrt54gl_firmwareA buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi.2023-01-097.2CVE-2022-43970
CONFIRM
CONFIRM
CONFIRM
linksys -- wumc710_firmwareAn arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.2023-01-097.2CVE-2022-43971
CONFIRM
CONFIRM
CONFIRM
linksys -- wrt54gl_firmwareAn arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.2023-01-097.2CVE-2022-43973
CONFIRM
CONFIRM
CONFIRM
nokia -- asik_airscale_474021a.102_firmwareThe bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.2023-01-067.1CVE-2022-2483
MISC
zebra -- enterprise_home_screenAn issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.2023-01-107.1CVE-2022-36441
MISC
MISC
zoom -- zoomZoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.2023-01-097.1CVE-2022-36928
MISC
N/A -- N/A
 
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21736, CVE-2023-21737.2023-01-107.1CVE-2023-21738
MISC
N/A -- N/A
 
Microsoft Office Visio Information Disclosure Vulnerability.2023-01-107.1CVE-2023-21741
MISC
N/A -- N/A
 
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774.2023-01-107.1CVE-2023-21750
MISC
N/A -- N/A
 
Windows Backup Service Elevation of Privilege Vulnerability.2023-01-107.1CVE-2023-21752
MISC
N/A -- N/A
 
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765.2023-01-107.1CVE-2023-21760
MISC
qualcomm -- sd888_5g_firmwareMemory corruption in Multimedia Framework due to unsafe access to the data members2023-01-097CVE-2022-25716
MISC
N/A -- N/A
 
Azure Service Fabric Container Elevation of Privilege Vulnerability.2023-01-107CVE-2023-21531
MISC
N/A -- N/A
 
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552.2023-01-107CVE-2023-21532
MISC
microsoft -- windows_server_2008Windows Installer Elevation of Privilege Vulnerability.2023-01-107CVE-2023-21542
MISC
N/A -- N/A
 
Windows Bind Filter Driver Elevation of Privilege Vulnerability.2023-01-107CVE-2023-21733
MISC
N/A -- N/A
 
Windows Bluetooth Driver Elevation of Privilege Vulnerability.2023-01-107CVE-2023-21739
MISC
N/A -- N/A
 
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.2023-01-107CVE-2023-21771
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
siemens -- simatic_drive_controller_cpu_1504d_tf_firmwareAffected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.2023-01-106.8CVE-2022-38773
MISC
N/A -- N/A
 
BitLocker Security Feature Bypass Vulnerability.2023-01-106.8CVE-2023-21563
MISC
sap -- host_agentIn SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.2023-01-106.7CVE-2023-0012
MISC
MISC
N/A -- N/A
 
Windows Boot Manager Security Feature Bypass Vulnerability.2023-01-106.6CVE-2023-21560
MISC
merlinsboard_project -- merlinsboardA vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability.2023-01-096.5CVE-2015-10033
MISC
MISC
MISC
qualcomm -- apq8009_firmwareInformation disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.2023-01-096.5CVE-2022-33255
MISC
qualcomm -- ar8035_firmwareInformation disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.2023-01-096.5CVE-2022-33283
MISC
qualcomm -- aqt1000_firmwareInformation disclosure due to buffer over-read in WLAN while parsing BTM action frame.2023-01-096.5CVE-2022-33284
MISC
qualcomm -- apq8009_firmwareTransient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.2023-01-096.5CVE-2022-33285
MISC
qualcomm -- apq8009_firmwareTransient DOS due to buffer over-read in WLAN while processing 802.11 management frames.2023-01-096.5CVE-2022-33286
MISC
github -- enterprise_serverAn incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.2023-01-096.5CVE-2022-46258
MISC
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.2023-01-106.5CVE-2022-4702
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing an action, such as clicking a link.2023-01-106.5CVE-2022-4707
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed.2023-01-106.5CVE-2022-4708
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.2023-01-106.5CVE-2022-4709
MISC
MISC
MISC
huawei -- emuiThe Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.2023-01-066.5CVE-2022-47974
MISC
MISC
google -- chromeInappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)2023-01-106.5CVE-2023-0132
MISC
MISC
google -- chromeInappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)2023-01-106.5CVE-2023-0133
MISC
MISC
google -- chromeInsufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)2023-01-106.5CVE-2023-0139
MISC
MISC
google -- chromeInappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)2023-01-106.5CVE-2023-0140
MISC
MISC
N/A -- N/A
 
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.2023-01-136.5CVE-2023-22395
CONFIRM
N/A -- N/A
 
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2.2023-01-136.5CVE-2023-22404
CONFIRM
N/A -- N/A
 
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.2023-01-136.5CVE-2023-22405
CONFIRM
N/A -- N/A
 
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.2023-01-136.5CVE-2023-22406
CONFIRM
N/A -- N/A
 
An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO.2023-01-136.5CVE-2023-22407
CONFIRM
N/A -- N/A
 
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.2023-01-136.5CVE-2023-22414
CONFIRM
fit2cloud -- kubepiKubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.2023-01-106.5CVE-2023-22479
MISC
circl -- pandoraworkers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).2023-01-106.5CVE-2023-22898
MISC
linux -- linux_kernelA use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.2023-01-106.4CVE-2022-4382
MISC
N/A -- N/A
 
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability.2023-01-106.3CVE-2023-21725
MISC
simplesamlphp -- information_cards_moduleA vulnerability was found in Information Cards Module and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.2023-01-096.1CVE-2010-10004
MISC
MISC
MISC
MISC
console_project -- consoleA vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651.2023-01-086.1CVE-2014-125070
MISC
MISC
MISC
mysimplifiedsql_project -- mysimplifiedsqlA vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.2023-01-076.1CVE-2015-10019
MISC
MISC
MISC
rimdev -- definelyA vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608.2023-01-076.1CVE-2015-10021
MISC
MISC
MISC
MISC
pear_programming_project -- pear_programmingA vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624.2023-01-076.1CVE-2015-10028
MISC
MISC
MISC
MISC
healthmateweb_project -- healthmatewebA vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The name of the patch is 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.2023-01-096.1CVE-2015-10032
MISC
MISC
MISC
symbiote -- seedA vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.2023-01-076.1CVE-2017-20164
MISC
MISC
MISC
MISC
inline_svg_project -- inline_svgA vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability.2023-01-076.1CVE-2020-36644
MISC
MISC
MISC
MISC
MISC
tasmota_project -- tasmotaCross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".2023-01-096.1CVE-2021-36603
MISC
01-scripts -- 01acpA vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability.2023-01-086.1CVE-2021-4309
MISC
MISC
MISC
01-scripts -- 01-artikelsystemA vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability.2023-01-096.1CVE-2021-4310
MISC
MISC
MISC
phoenixframework -- phoenix_htmltag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.2023-01-106.1CVE-2021-46871
MISC
MISC
event_management_system_project -- event_management_systemA vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability.2023-01-076.1CVE-2022-1102
MISC
MISC
MISC
mega -- hopexAn issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features.2023-01-106.1CVE-2022-38481
MISC
MISC
sunshinephotocart -- sunshine_photo_cartThe Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.2023-01-096.1CVE-2022-4301
MISC
wp-slimstat -- slimstat_analyticsThe Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs2023-01-096.1CVE-2022-4310
MISC
ifeelweb -- post_status_notifier_liteThe Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.2023-01-096.1CVE-2022-4325
MISC
cpkwebsolutions -- wp_csvThe WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.2023-01-096.1CVE-2022-4368
MISC
bg_bible_references_project -- bg_bible_referencesThe Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.2023-01-096.1CVE-2022-4374
MISC
maccms -- maccmsA reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.2023-01-066.1CVE-2022-44870
MISC
MISC
zimbra -- collaborationAn issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.2023-01-066.1CVE-2022-45911
MISC
MISC
zimbra -- collaborationAn issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.2023-01-066.1CVE-2022-45913
MISC
MISC
inkdrop -- inkdropAn issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.2023-01-096.1CVE-2022-46603
MISC
mendix -- samlA vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.2023-01-106.1CVE-2022-46823
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting2023-01-106.1CVE-2022-4710
MISC
MISC
MISC
kaltura -- mwembedA vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664.2023-01-096.1CVE-2022-4882
MISC
MISC
MISC
MISC
MISC
sap -- netweaver_application_server_abapThe ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.2023-01-106.1CVE-2023-0013
MISC
MISC
sap -- businessobjects_business_intelligence_platformDue to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.2023-01-106.1CVE-2023-0018
MISC
MISC
control_id_panel_project -- control_id_panelA vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.2023-01-096.1CVE-2023-0125
MISC
MISC
MISC
N/A -- N/A
 
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs. As a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. Due to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days. Reboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn't required to restart the device. This issue affects: Juniper Networks Junos OS Evolved on PTX10003: All versions prior to 20.4R3-S4-EVO; 21.3 versions prior to 21.3R3-S1-EVO; 21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2 versions prior to 22.2R2-EVO. To check memory, customers may VTY to the PFE first then execute the following show statement: show jexpr jtm ingress-main-memory chip 255 | no-more Alternatively one may execute from the RE CLI: request pfe execute target fpc0 command "show jexpr jtm ingress-main-memory chip 255 | no-more" Iteration 1: Example output: Mem type: NH, alloc type: JTM 136776 bytes used (max 138216 bytes used) 911568 bytes available (909312 bytes from free pages) Iteration 2: Example output: Mem type: NH, alloc type: JTM 137288 bytes used (max 138216 bytes used) 911056 bytes available (909312 bytes from free pages) The same can be seen in the CLI below, assuming the scale does not change: show npu memory info Example output: FPC0:NPU16 mem-util-jnh-nh-size 2097152 FPC0:NPU16 mem-util-jnh-nh-allocated 135272 FPC0:NPU16 mem-util-jnh-nh-utilization 62023-01-136.1CVE-2023-22397
CONFIRM
thinkst -- canarytokensCanarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canarytoken's trigger history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirect the creator towards an attacker-controlled Canarytoken to show the creator's network location. This vulnerability is similar to CVE-2022-31113, but affected parameters reported differently from the Canarytoken trigger request. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. Canarytokens Docker images sha-fb61290 and later contain a patch for this issue.2023-01-066.1CVE-2023-22475
MISC
MISC
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.2023-01-106.1CVE-2023-22911
MISC
weave -- weave_gitopsWeave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022.2023-01-096CVE-2022-23509
MISC
MISC
MISC
N/A -- N/A
 
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.2023-01-135.9CVE-2023-22402
CONFIRM
zip4j_project -- zip4jZip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.2023-01-105.9CVE-2023-22899
MISC
MISC
MISC
MISC
MISC
sap -- bank_account_managementIn SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.2023-01-105.7CVE-2023-0023
MISC
MISC
cesnet -- theme-cesnetA vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.2023-01-075.5CVE-2016-15014
MISC
MISC
MISC
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232.2023-01-095.5CVE-2022-22470
MISC
MISC
qualcomm -- apq8096au_firmwareInformation exposure in DSP services due to improper handling of freeing memory2023-01-095.5CVE-2022-25722
MISC
qualcomm -- ar8035_firmwareDenial of service in MODEM due to improper pointer handling2023-01-095.5CVE-2022-25725
MISC
qualcomm -- aqt1000_firmwareInformation disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.2023-01-095.5CVE-2022-33252
MISC
qualcomm -- aqt1000_firmwareTransient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.2023-01-095.5CVE-2022-33253
MISC
zebra -- enterprise_home_screenAn issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK.2023-01-105.5CVE-2022-36442
MISC
MISC
qualcomm -- aqt1000_firmwareInformation disclosure due to buffer overread in Core2023-01-095.5CVE-2022-40518
MISC
qualcomm -- aqt1000_firmwareInformation disclosure due to buffer overread in Core2023-01-095.5CVE-2022-40519
MISC
apache -- jamesUnproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.2023-01-065.5CVE-2022-45787
MISC
apache -- jamesUsage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.2023-01-065.5CVE-2022-45935
MISC
netis-systems -- netcore_router_firmwareA vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592.2023-01-075.5CVE-2023-0114
MISC
MISC
N/A -- N/A
 
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21550, CVE-2023-21559.2023-01-105.5CVE-2023-21540
MISC
N/A -- N/A
 
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21540, CVE-2023-21559.2023-01-105.5CVE-2023-21550
MISC
N/A -- N/A
 
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21540, CVE-2023-21550.2023-01-105.5CVE-2023-21559
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-135.5CVE-2023-21591
MISC
N/A -- N/A
 
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-135.5CVE-2023-21592
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-135.5CVE-2023-21598
MISC
N/A -- N/A
 
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-01-135.5CVE-2023-21599
MISC
N/A -- N/A
 
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21536.2023-01-105.5CVE-2023-21753
MISC
N/A -- N/A
 
Windows Kernel Information Disclosure Vulnerability.2023-01-105.5CVE-2023-21776
MISC
N/A -- N/A
 
An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and restart. Repeated execution of this command will lead to a sustained DoS. Such a configuration is characterized by the total number of port blocks being greater than the total number of hosts. An example for such configuration is: [ services nat source pool TEST-POOL address x.x.x.0/32 to x.x.x.15/32 ] [ services nat source pool TEST-POOL port deterministic block-size 1008 ] [ services nat source pool TEST-POOL port deterministic host address y.y.y.0/24] [ services nat source pool TEST-POOL port deterministic include-boundary-addresses] where according to the following calculation: 65536-1024=64512 (number of usable ports per IP address, implicit) 64512/1008=64 (number of port blocks per Nat IP) x.x.x.0/32 to x.x.x.15/32 = 16 (NAT IP addresses available in NAT pool) total port blocks in NAT Pool = 64 blocks per IP * 16 IPs = 1024 Port blocks host address y.y.y.0/24 = 256 hosts (with include-boundary-addresses) If the port block size is configured to be 4032, then the total port blocks are (64512/4032) * 16 = 256 which is equivalent to the total host addresses of 256, and the issue will not be seen. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2.2023-01-135.5CVE-2023-22409
CONFIRM
kluks -- xingwallA vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.2023-01-065.4CVE-2014-125048
MISC
MISC
MISC
easyvista -- service_managerAn issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1.02. It is prone to stored Cross-site Scripting (XSS).2023-01-105.4CVE-2022-38489
MISC
zte -- mf286r_firmwareThere is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.2023-01-065.4CVE-2022-39072
MISC
vision_interactive_project -- vision_interactiveThe Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-01-095.4CVE-2022-4391
MISC
ipanorama_360_wordpress_virtual_tour_builder_project -- ipanorama_360_wordpress_virtual_tour_builderThe iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-01-095.4CVE-2022-4392
MISC
imagelinks_interactive_image_builder_project -- imagelinks_interactive_image_builderThe ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-01-095.4CVE-2022-4393
MISC
ipages_flipbook_project -- ipages_flipbookThe iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-01-095.4CVE-2022-4394
MISC
bootstrapped -- wp_recipe_makerThe WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.2023-01-095.4CVE-2022-4468
MISC
table_of_contents_plus_project -- table_of_contents_plusThe Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.2023-01-095.4CVE-2022-4479
MISC
wp-table_reloaded_project -- wp-table_reloadedThe WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.2023-01-095.4CVE-2022-4491
MISC
automattic -- jetpack_crmThe Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins2023-01-095.4CVE-2022-4497
MISC
apache -- sling_cmsAn improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.42023-01-095.4CVE-2022-46769
MISC
pac3_project -- pac3A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability.2023-01-085.4CVE-2022-4881
MISC
MISC
MISC
MISC
sap -- business_objects_business_intelligence_platformIn SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.2023-01-105.4CVE-2023-0015
MISC
MISC
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0106
CONFIRM
MISC
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0107
CONFIRM
MISC
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0108
MISC
CONFIRM
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0110
MISC
CONFIRM
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0111
MISC
CONFIRM
usememos -- memosCross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.2023-01-075.4CVE-2023-0112
MISC
CONFIRM
easy-script_project -- easy-scriptA vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596.2023-01-075.3CVE-2014-125055
MISC
MISC
MISC
MISC
pylonsproject -- horusA vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.2023-01-075.3CVE-2014-125056
MISC
MISC
MISC
maps-js-icoads_project -- maps-js-icoadsA vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643.2023-01-085.3CVE-2014-125068
MISC
MISC
MISC
maps-js-icoads_project -- maps-js-icoadsA vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.2023-01-085.3CVE-2014-125069
MISC
MISC
MISC
surpass_project -- surpassA vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.2023-01-085.3CVE-2015-10030
MISC
MISC
MISC
MISC
paysafe -- barzahlen_payment_module_php_sdkA vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability.2023-01-085.3CVE-2016-15015
MISC
MISC
MISC
MISC
MISC
afkmods -- qsf-portalA vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability.2023-01-065.3CVE-2019-25099
MISC
MISC
MISC
yunohost -- transmission_ynhA vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability.2023-01-085.3CVE-2020-36647
MISC
MISC
MISC
MISC
jatos -- jatosA vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b42519f309d8164e8811392770ce604cdabb5da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217548.2023-01-065.3CVE-2022-4878
MISC
MISC
MISC
MISC
N/A -- N/A
 
Remote Procedure Call Runtime Denial of Service Vulnerability.2023-01-105.3CVE-2023-21525
MISC
N/A -- N/A
 
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability.2023-01-105.3CVE-2023-21682
MISC
N/A -- N/A
 
Microsoft SharePoint Server Security Feature Bypass Vulnerability.2023-01-105.3CVE-2023-21743
MISC
N/A -- N/A
 
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO.2023-01-135.3CVE-2023-22398
CONFIRM
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.2023-01-105.3CVE-2023-22909
MISC
tribe29 -- checkmkPath-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.2023-01-094.9CVE-2022-4884
MISC
404_to_start_project -- 404_to_startThe 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-01-094.8CVE-2022-3855
MISC
mondula -- multi_step_formThe Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-01-094.8CVE-2022-4196
MISC
machothemes -- cpo_companionThe CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-01-104.8CVE-2023-0162
MISC
MISC
N/A -- N/A
 
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753.2023-01-104.7CVE-2023-21536
MISC
N/A -- N/A
 
Windows Overlay Filter Information Disclosure Vulnerability.2023-01-104.7CVE-2023-21766
MISC
qualcomm -- apq8009_firmwareDenial of service while processing fastboot flash command on mmc due to buffer over read2023-01-094.6CVE-2022-22079
MISC
avira -- avira_securityAvira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.782023-01-104.4CVE-2022-4429
MISC
reddit-on-rails_project -- reddit-on-railsA vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability.2023-01-074.3CVE-2014-125054
MISC
MISC
MISC
mega -- hopexA link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.2023-01-104.3CVE-2022-38482
MISC
MISC
activecampaign -- activecampaign_for_woocommerceThe ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.2023-01-094.3CVE-2022-3923
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title2023-01-094.3CVE-2022-4103
MISC
wpswings -- mautic_integration_for_woocommerceThe Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.2023-01-094.3CVE-2022-4426
MISC
archibus -- archibus_web_centralAn issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking2023-01-104.3CVE-2022-45164
MISC
archibus -- archibus_web_centralAn issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.2023-01-104.3CVE-2022-45166
MISC
archibus -- archibus_web_centralAn issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.2023-01-104.3CVE-2022-45167
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.2023-01-104.3CVE-2022-4705
MISC
MISC
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.2023-01-104.3CVE-2022-4711
MISC
MISC
MISC
google -- chromeInsufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)2023-01-104.3CVE-2023-0141
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
2code -- wpqa_builderThe WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.2023-01-093.5CVE-2022-3343
MISC
nextcloud -- deckDeck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2.2023-01-103.5CVE-2023-22469
MISC
MISC
N/A -- N/A
 
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability.2023-01-103.3CVE-2023-21759
MISC
royal-elementor-addons -- royal_elementor_addonsThe Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.2023-01-093.1CVE-2022-4102
MISC
nextcloud -- talkTalk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.2023-01-092.1CVE-2023-22473
MISC
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cool-php-captcha -- cool-php-captcha
 
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296.2023-01-13not yet calculatedCVE-2009-10001
MISC
MISC
MISC
MISC
MISC
dpup -- fittr-flickr
 
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.2023-01-13not yet calculatedCVE-2009-10002
MISC
MISC
MISC
backdrop_contrib -- basic_cart
 
A vulnerability was found in backdrop-contrib Basic Cart. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The name of the patch is a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability.2023-01-11not yet calculatedCVE-2012-10004
MISC
MISC
MISC
MISC
php-form-builder-class -- php-form-builder-class
 
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155.2023-01-12not yet calculatedCVE-2012-10005
MISC
MISC
MISC
MISC
zerochplus -- zerochplus
 
A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007.2023-01-11not yet calculatedCVE-2013-10010
MISC
MISC
MISC
classroom-engagement-system -- classroom-engagement-system
 
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156.2023-01-12not yet calculatedCVE-2013-10011
MISC
MISC
MISC
voyager -- voyager
 
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.2023-01-11not yet calculatedCVE-2014-125074
MISC
MISC
MISC
google -- gmail-servlet
 
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability.2023-01-11not yet calculatedCVE-2014-125075
MISC
MISC
MISC
criminals -- criminals
 
A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability.2023-01-11not yet calculatedCVE-2014-125076
MISC
MISC
MISC
cis450project -- cis450project
 
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380.2023-01-14not yet calculatedCVE-2015-10020
MISC
MISC
MISC
dronfelipe -- dronfelipe
 
A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951.2023-01-11not yet calculatedCVE-2015-10036
MISC
MISC
MISC
aci_escola -- aci_escola
 
A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability.2023-01-11not yet calculatedCVE-2015-10037
MISC
MISC
MISC
pplv2-- pplv2
 
A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023.2023-01-11not yet calculatedCVE-2015-10038
MISC
MISC
MISC
domino-- domino
 
A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024.2023-01-11not yet calculatedCVE-2015-10039
MISC
MISC
MISC
MISC
gitlearn -- gitlearn
 
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The name of the patch is 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability.2023-01-13not yet calculatedCVE-2015-10040
MISC
MISC
MISC
MISC
apollo -- apollo
 
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The name of the patch is 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307.2023-01-14not yet calculatedCVE-2015-10043
MISC
MISC
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.2023-01-12not yet calculatedCVE-2017-14454
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014ebc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16256
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f28, the value for the `cmd3` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16257
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f7c, the value for the `cmd4` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16258
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015430, the value for the `usr` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16259
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015478, the value for the `pwd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16260
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015714, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16261
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015864, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16262
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015a8c, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16263
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_b, at 0x9d015cfc, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16264
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16265
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016530, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16266
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016578, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16267
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d0165c0, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16268
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01672c, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16269
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01679c, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16270
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016c94, the value for the `as_c` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16271
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016cf0, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16272
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_ml, at 0x9d016fa8, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16273
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_u, at 0x9d017364, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16274
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d01758c, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16275
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d0175f4, the value for the `gbt` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16276
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16277
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01815c, the value for the `ip` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16278
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16279
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181ec, the value for the `gate` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16280
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d018234, the value for the `sub` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16281
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01827c, the value for the `dhcp` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16282
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d0188a8, the value for the `name` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16283
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d018958, the value for the `city` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16284
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018e58, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16285
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16286
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f00, the value for the `dstend` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16287
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16288
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_utc, at 0x9d0193ac, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16289
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d01980c, the value for the `sunrise` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16290
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d019854, the value for the `sunset` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16291
MISC

insteon -- hub

 

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16292
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a010, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16293
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a144, the value for the `on` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16294
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a18c, the value for the `off` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16295
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a1d4, the value for the `days` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16296
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a21c, the value for the `oncmd` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16297
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a264, the value for the `offcmd` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16298
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_raw, at 0x9d01aad8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16299
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ac74, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16300
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad14, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16301
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad78, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16302
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01addc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16303
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ae40, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16304
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16305
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b2ac, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16306
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b310, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16307
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b374, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16308
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b3d8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16309
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_ch, at 0x9d01b7b0, the value for the `ch` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16310
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd UpdateCheck, at 0x9d01bb64, the value for the `type` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16311
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c028, the value for the `sn_discover` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16312
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c084, the value for the `s_ddelay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16313
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c1cc, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16314
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c3a0, the value for the `s_state` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16315
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c898, the value for the `g_meta_page` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16316
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d068, the value for the `g_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16317
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d16c, the value for the `g_group_off` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16318
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d7a8, the value for the `g_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16319
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01ddd4, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16320
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e050, the value for the `s_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16321
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e228, the value for the `c_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16322
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e2f4, the value for the `s_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16323
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e368, the value for the `s_group_vol` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16324
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e3a8, the value for the `s_group_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16325
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e5f4, the value for the `sn_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16326
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_init_event, at 0x9d01ea88, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16327
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb08, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16328
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb44, the value for the `s_event_delay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16329
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb8c, the value for the `s_event_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16330
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ebd4, the value for the `s_tid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16331
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ec34, the value for the `s_aid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16332
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01ed7c, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16333
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01edb8, the value for the `s_raw` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16334
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01ee70, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16335
MISC
insteon -- hub
 
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01eeb0, the value for the `s_value` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow.2023-01-11not yet calculatedCVE-2017-16336
MISC
minichan -- minichan
 
A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.2023-01-14not yet calculatedCVE-2017-20167
MISC
MISC
MISC
MISC
piwallet -- piwallet
 
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.2023-01-11not yet calculatedCVE-2017-20168
MISC
MISC
MISC
MISC
ton-masterserver-- ton-masterserver
 
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability.2023-01-13not yet calculatedCVE-2017-20169
MISC
MISC
MISC
rapid7 -- nextpose_virtual_appliance/insightvm_virtual_appliance
 
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.2023-01-12not yet calculatedCVE-2017-5242
CONFIRM

tsn-ranksystem -- tsn-ranksystem

 

A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability.2023-01-11not yet calculatedCVE-2018-25073
MISC
MISC
MISC
MISC
MISC
skeemas -- skeemas
 
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.2023-01-11not yet calculatedCVE-2018-25074
MISC
MISC
MISC
papaparse -- papaparse
 
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.2023-01-11not yet calculatedCVE-2020-36649
MISC
MISC
MISC
MISC
MISC
MISC
node-gry -- node-gry
 
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.2023-01-11not yet calculatedCVE-2020-36650
MISC
MISC
MISC
MISC
MISC
amd -- multiple_products
 
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.2023-01-11not yet calculatedCVE-2021-26316
MISC
MISC
amd -- 3rd_gen_epyc
 
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.2023-01-11not yet calculatedCVE-2021-26328
MISC
amd -- 3rd_gen_epyc
 
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.2023-01-11not yet calculatedCVE-2021-26343
MISC
amd -- ryzen_5000_series
 
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.2023-01-11not yet calculatedCVE-2021-26346
MISC
amd -- 3rd_gen_epyc
 
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.2023-01-11not yet calculatedCVE-2021-26355
MISC
amd -- 3rd_gen_epyc
 
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest.2023-01-11not yet calculatedCVE-2021-26396
MISC
amd -- 1st_gen_epyc
 
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.2023-01-11not yet calculatedCVE-2021-26398
MISC
amd -- 2nd_gen_epyc
 
Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.2023-01-11not yet calculatedCVE-2021-26402
MISC
amd -- 1st_gen_epyc/2nd_gen_epyc
 
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.2023-01-11not yet calculatedCVE-2021-26403
MISC
amd -- 3rd_gen_epyc
 
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.2023-01-11not yet calculatedCVE-2021-26404
MISC
amd -- 2nd_gen_epyc
 
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.2023-01-11not yet calculatedCVE-2021-26407
MISC

amd -- 3rd_gen_epyc

 

Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.2023-01-11not yet calculatedCVE-2021-26409
MISC
johnson_controls -- metasys_ads/adx/oas
 
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text.2023-01-13not yet calculatedCVE-2021-36204
CERT
CONFIRM
zephyr -- zephyr
 
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.2023-01-11not yet calculatedCVE-2021-3966
MISC
amd -- 2nd_gen_epyc
 
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service.2023-01-11not yet calculatedCVE-2021-46767
MISC

amd -- 2nd_gen_epyc

 

Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service.2023-01-11not yet calculatedCVE-2021-46768
MISC

amd -- 1st_gen_epyc

 

Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.2023-01-11not yet calculatedCVE-2021-46779
MISC

amd -- 3rd_gen_epyc

 

Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.2023-01-11not yet calculatedCVE-2021-46791
MISC
amd -- ryzen_5000_series/ryzen_3000_series
 
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.2023-01-11not yet calculatedCVE-2021-46795
MISC
nim -- nim
 
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)2023-01-13not yet calculatedCVE-2021-46872
MISC
MISC
MISC
MISC
MISC
zephyr -- zephyr
 
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.2023-01-11not yet calculatedCVE-2022-0553
MISC
publify -- publify
 
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.2023-01-14not yet calculatedCVE-2022-1812
CONFIRM
MISC

global-modules-path-- global-modules-path

 

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.2023-01-13not yet calculatedCVE-2022-21191
MISC
MISC
MISC
MISC
hitachi_energy -- lumada_apm
 
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker. Affected versions * Lumada APM on-premises version 6.0.0.0 - 6.4.0.* List of CPEs: * cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*2023-01-12not yet calculatedCVE-2022-2155
MISC

neo4j -- neo4j-apoc-procedures

 

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the vulnerability to be exploited, an attacker would need access to execute an arbitrary query, either by having access to an authenticated Neo4j client, or a Cypher injection vulnerability in an application. The minimum versions containing patch for this vulnerability are 4.4.0.12 and 4.3.0.12 and 5.3.1. As a workaround, you can control the allowlist of the procedures that can be used in your system, and/or turn off local file access by setting apoc.export.file.enabled=false.2023-01-14not yet calculatedCVE-2022-23532
MISC
MISC
amd -- 2nd_gen_epyc/3rd_gen_epyc
 
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment.2023-01-11not yet calculatedCVE-2022-23813
MISC
amd -- 3rd_gen_epyc
 
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment.2023-01-11not yet calculatedCVE-2022-23814
MISC

com.fasterxml.util:java-merge-sort -- com.fasterxml.util:java-merge-sort

 

Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.2023-01-12not yet calculatedCVE-2022-24913
MISC
MISC
MISC
rocket -- trufusion_enterprise
 
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy.2023-01-12not yet calculatedCVE-2022-25026
MISC
rocket -- trufusion_enterprise
 
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.2023-01-12not yet calculatedCVE-2022-25027
MISC
publify -- publify
 
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.2023-01-14not yet calculatedCVE-2022-2815
CONFIRM
MISC
talend -- administration_center
 
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.2023-01-10not yet calculatedCVE-2022-30332
MISC
MISC
wildfly-elytron -- wildfly-elytron
 
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.2023-01-13not yet calculatedCVE-2022-3143
MISC
okta -- oidc_middleware
 
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.2023-01-12not yet calculatedCVE-2022-3145
MISC
siemens --jt2go/teamcenter_visualization
 
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.2023-01-13not yet calculatedCVE-2022-3159
MISC
MISC
MISC
siemens --jt2go/teamcenter_visualization
 
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.2023-01-13not yet calculatedCVE-2022-3160
MISC
MISC
MISC
siemens --jt2go/teamcenter_visualization
 
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.2023-01-13not yet calculatedCVE-2022-3161
MISC
MISC
MISC
ffmpeg -- ffmpeg
 
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.2023-01-12not yet calculatedCVE-2022-3341
MISC
MISC
ibm -- sterling_partner_engagement_manager
 
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.2023-01-11not yet calculatedCVE-2022-34335
MISC
MISC
samba-- samba
 
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.2023-01-12not yet calculatedCVE-2022-3437
MISC
MISC
MISC
dell_emc -- secure_connect_gateway_policy_managerDell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.2023-01-11not yet calculatedCVE-2022-34440
MISC
dell_emc -- secure_connect_gateway_policy_managerDell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.2023-01-11not yet calculatedCVE-2022-34441
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.2023-01-12not yet calculatedCVE-2022-3514
CONFIRM
MISC
MISC
libksba -- libksba
 
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.2023-01-12not yet calculatedCVE-2022-3515
MISC
MISC
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.2023-01-12not yet calculatedCVE-2022-3573
MISC
MISC
CONFIRM
samba-- samba
 
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.2023-01-12not yet calculatedCVE-2022-3592
MISC
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.2023-01-12not yet calculatedCVE-2022-3613
MISC
MISC
CONFIRM
linux -- kernel
 
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.2023-01-12not yet calculatedCVE-2022-3628
MISC
fileorbis -- file_management_system
 
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in the version 10.6.32023-01-13not yet calculatedCVE-2022-3693
CONFIRM
keycloak -- keycloak
 
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.2023-01-13not yet calculatedCVE-2022-3782
MISC
rhacm -- rhacm
 
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests.2023-01-13not yet calculatedCVE-2022-3841
MISC
wordpress -- wordpress
 
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.2023-01-14not yet calculatedCVE-2022-38467
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.2023-01-12not yet calculatedCVE-2022-3870
MISC
MISC
CONFIRM
h_c_mingham-smith_ltd -- tardis_2000
 
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges.2023-01-12not yet calculatedCVE-2022-39182
MISC
moodle_plugin-saml_auth -- moodle_plugin-saml_auth
 
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.2023-01-12not yet calculatedCVE-2022-39183
MISC
exfo -- bv-10_performance_endpoint_unit
 
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.2023-01-12not yet calculatedCVE-2022-39184
MISC
exfo -- bv-10_performance_endpoint_unit
 
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.2023-01-12not yet calculatedCVE-2022-39185
MISC
exfo -- bv-10_performance_endpoint_unit
 
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions2023-01-12not yet calculatedCVE-2022-39186
MISC
rumpus -- ftp_server
 
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.2023-01-12not yet calculatedCVE-2022-39187
MISC
linux -- kernel
 
A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.2023-01-12not yet calculatedCVE-2022-3977
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.2023-01-12not yet calculatedCVE-2022-4037
MISC
MISC
CONFIRM
ibm -- sterling_partner_engagement_manager
 
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.2023-01-11not yet calculatedCVE-2022-40615
MISC
MISC
qt_project -- qt
 
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.2023-01-12not yet calculatedCVE-2022-40983
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.2023-01-12not yet calculatedCVE-2022-4131
CONFIRM
MISC
MISC
gitlab -- gitlab
 
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.2023-01-12not yet calculatedCVE-2022-4167
CONFIRM
MISC
go -- go
 
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.2023-01-13not yet calculatedCVE-2022-41721
MISC
MISC
MISC
delta_electronics -- infrasuite_device_master
 
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.2023-01-13not yet calculatedCVE-2022-41778
MISC
autolab -- autolab
 
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.2023-01-14not yet calculatedCVE-2022-41955
MISC
autolab -- autolab
 
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.2023-01-14not yet calculatedCVE-2022-41956
MISC
MISC
mailenable -- webmail
 
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.2023-01-13not yet calculatedCVE-2022-42136
MISC
MISC
nvidia -- multiple_omniverse_products
 
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.2023-01-13not yet calculatedCVE-2022-42268
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution2023-01-11not yet calculatedCVE-2022-42271
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges.2023-01-12not yet calculatedCVE-2022-42272
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.2023-01-12not yet calculatedCVE-2022-42273
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.2023-01-13not yet calculatedCVE-2022-42274
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service.2023-01-13not yet calculatedCVE-2022-42275
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.2023-01-13not yet calculatedCVE-2022-42276
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.2023-01-13not yet calculatedCVE-2022-42277
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.2023-01-13not yet calculatedCVE-2022-42278
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.2023-01-13not yet calculatedCVE-2022-42279
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass.2023-01-13not yet calculatedCVE-2022-42280
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.2023-01-13not yet calculatedCVE-2022-42281
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.2023-01-13not yet calculatedCVE-2022-42282
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.2023-01-13not yet calculatedCVE-2022-42283
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure.2023-01-13not yet calculatedCVE-2022-42284
MISC
nvidia -- nvidia_dgx_servers
 
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.2023-01-13not yet calculatedCVE-2022-42285
MISC
nvidia -- nvidia_dgx_servers
 
DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.2023-01-13not yet calculatedCVE-2022-42286
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering.2023-01-13not yet calculatedCVE-2022-42287
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.2023-01-13not yet calculatedCVE-2022-42288
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.2023-01-13not yet calculatedCVE-2022-42289
MISC
nvidia -- nvidia_dgx_servers
 
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.2023-01-13not yet calculatedCVE-2022-42290
MISC

servicenow -- service_catalog_widget

 

A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.2023-01-13not yet calculatedCVE-2022-42704
MISC
careteditor -- caret
 
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.2023-01-11not yet calculatedCVE-2022-42967
CONFIRM
zyxel -- nr7101_firmware
 
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.2023-01-11not yet calculatedCVE-2022-43389
CONFIRM
zyxel -- nr7101_firmware
 
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request.2023-01-11not yet calculatedCVE-2022-43390
CONFIRM
zyxel -- nr7101_firmware
 
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.2023-01-11not yet calculatedCVE-2022-43391
CONFIRM
zyxel -- nr7101_firmware
 
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.2023-01-11not yet calculatedCVE-2022-43392
CONFIRM
zyxel -- nr7101_firmware
 
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.2023-01-11not yet calculatedCVE-2022-43393
CONFIRM
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.2023-01-12not yet calculatedCVE-2022-4342
CONFIRM
MISC
MISC
wireshark -- wireshark
 
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file2023-01-12not yet calculatedCVE-2022-4344
CONFIRM
MISC
wireshark -- wireshark
 
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file2023-01-12not yet calculatedCVE-2022-4345
CONFIRM
MISC
qt_project -- qt
 
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.2023-01-12not yet calculatedCVE-2022-43591
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.2023-01-12not yet calculatedCVE-2022-4365
MISC
CONFIRM
MISC
systemd -- systemd
 
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.2023-01-11not yet calculatedCVE-2022-4415
MISC
MISC
cloudflare -- warp
 
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).2023-01-11not yet calculatedCVE-2022-4428
MISC
cloudflare -- warp
 
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.2023-01-11not yet calculatedCVE-2022-4457
MISC
tp-link -- wr710n/archer_c5
 
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.2023-01-11not yet calculatedCVE-2022-4498
MISC
tp-link -- wr710n/archer_c5
 
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.2023-01-11not yet calculatedCVE-2022-4499
MISC
archibus -- web_central
 
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.2023-01-10not yet calculatedCVE-2022-45165
MISC
rust-lang_webbrowser-rs -- rust-lang_webbrowser-rs
 
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.2023-01-13not yet calculatedCVE-2022-45299
MISC
wordpress -- wordpress
 
Broken Access Control in Betheme theme <= 26.6.1 on WordPress.2023-01-14not yet calculatedCVE-2022-45353
MISC
linux -- kernel
 
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.2023-01-11not yet calculatedCVE-2022-4543
MISC
MISC
sourcecodester -- doctor_appointment_management_system
 
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.2023-01-12not yet calculatedCVE-2022-45728
MISC
sourcecodester -- doctor_appointment_management_system
 
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.2023-01-12not yet calculatedCVE-2022-45729
MISC
sourcecodester -- hospital_management_system
 
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.2023-01-13not yet calculatedCVE-2022-46093
MISC
delta_industrial_automation -- 4g_router_dx-3201
 
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.2023-01-13not yet calculatedCVE-2022-4616
MISC
MISC
opensuse -- travel-support-program
 
Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force (A match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. In order to work around this issue, you can also cherry pick that patch, however it will not work without the Rails 5.0 migration that was done in #150, which in turn had quite a few pull requests it depended on.2023-01-10not yet calculatedCVE-2022-46163
MISC
MISC
MISC
rust-lang_cargo -- rust-lang_cargo
 
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.2023-01-11not yet calculatedCVE-2022-46176
MISC
MISC
black_box -- multiple_products
 
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.2023-01-10not yet calculatedCVE-2022-4636
MISC
rumpus -- ftp_server
 
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.2023-01-12not yet calculatedCVE-2022-46367
MISC
rumpus -- ftp_server
 
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.2023-01-12not yet calculatedCVE-2022-46368
MISC
rumpus -- ftp_server
 
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields.2023-01-12not yet calculatedCVE-2022-46369
MISC
rumpus -- ftp_server
 
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification.2023-01-12not yet calculatedCVE-2022-46370
MISC
alotcer -- ar7088h-a
 
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name.2023-01-12not yet calculatedCVE-2022-46371
MISC
alotcer -- ar7088h-a
 
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.2023-01-12not yet calculatedCVE-2022-46372
MISC
douphp -- douphp
 
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter.2023-01-13not yet calculatedCVE-2022-46438
MISC
harbor -- harbor
 
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.2023-01-13not yet calculatedCVE-2022-46463
MISC
sourcecodester -- online-health_care_system
 
Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php.2023-01-13not yet calculatedCVE-2022-46471
MISC
sourcecodester -- helmet_store_showroom_site
 
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.2023-01-12not yet calculatedCVE-2022-46472
MISC
datax-web -- datax-web
 
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.2023-01-13not yet calculatedCVE-2022-46478
MISC
sourcecodester -- online_student_enrollment_system
 
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.2023-01-13not yet calculatedCVE-2022-46502
MISC
sourcecodester -- online_student_enrollment_system
 
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.2023-01-12not yet calculatedCVE-2022-46503
MISC
sourcecodester -- judging_management_system
 
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.2023-01-12not yet calculatedCVE-2022-46622
MISC
sourcecodester -- judging_management_system
 
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.2023-01-12not yet calculatedCVE-2022-46623
MISC
sourcecodester -- helmet_store_showroom_site
 
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.2023-01-13not yet calculatedCVE-2022-46946
MISC
sourcecodester -- helmet_store_showroom_site
 
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.2023-01-13not yet calculatedCVE-2022-46947
MISC
sourcecodester -- helmet_store_showroom_site
 
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.2023-01-13not yet calculatedCVE-2022-46949
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.2023-01-13not yet calculatedCVE-2022-46950
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.2023-01-13not yet calculatedCVE-2022-46951
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.2023-01-13not yet calculatedCVE-2022-46952
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.2023-01-13not yet calculatedCVE-2022-46953
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.2023-01-13not yet calculatedCVE-2022-46954
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.2023-01-13not yet calculatedCVE-2022-46955
MISC
sourcecodester -- dynamic_transaction_queing_system
 
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.2023-01-13not yet calculatedCVE-2022-46956
MISC
linux -- kernel
 
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above2023-01-11not yet calculatedCVE-2022-4696
MISC
MISC
student_study_center_management_system -- student_study_center_management_system
 
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.2023-01-12not yet calculatedCVE-2022-47102
MISC
sdl2 -- sdl2
 
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected.2023-01-12not yet calculatedCVE-2022-4743
MISC
MISC
MISC
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.2023-01-12not yet calculatedCVE-2022-47927
MISC
MISC
siemens -- multiple_products
 
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)2023-01-10not yet calculatedCVE-2022-47935
MISC
siemens -- solid_edge
 
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.2023-01-10not yet calculatedCVE-2022-47967
MISC
hotel-mgmt-system -- hotel-mgmt-system
 
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.2023-01-13not yet calculatedCVE-2022-48090
MISC
hotel-mgmt-system -- hotel-mgmt-system
 
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.2023-01-13not yet calculatedCVE-2022-48091
MISC

pi.alert -- pi.altert

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.2023-01-11not yet calculatedCVE-2022-48252
MISC
nostromo -- nostromo
 
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.2023-01-11not yet calculatedCVE-2022-48253
MISC
MISC
technitium_software -- dns_server
 
Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records.2023-01-13not yet calculatedCVE-2022-48256
MISC
multiple_products -- multiple_products
 
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.2023-01-13not yet calculatedCVE-2022-48257
MISC
MISC
multiple_products -- multiple_products
 
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.2023-01-13not yet calculatedCVE-2022-48258
MISC
MISC
linux -- kernel
 
A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system.2023-01-12not yet calculatedCVE-2022-4842
MISC
netcomm -- multiple_products
 
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location.2023-01-11not yet calculatedCVE-2022-4873
MISC
netcomm -- multiple_productsAuthentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page.2023-01-11not yet calculatedCVE-2022-4874
MISC
jefferson -- jefferson
 
A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020.2023-01-11not yet calculatedCVE-2022-4885
MISC
MISC
MISC
MISC
MISC
sap -- bmc_ms
 
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.2023-01-10not yet calculatedCVE-2023-0016
MISC
MISC
sap -- businessobjects_business_intelligence_platform_analysis_edition_for_olap
 
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.2023-01-10not yet calculatedCVE-2023-0022
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.2023-01-12not yet calculatedCVE-2023-0042
MISC
CONFIRM
keycloak -- keycloak
 
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.2023-01-13not yet calculatedCVE-2023-0091
MISC
keycloak -- keycloakA flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.2023-01-13not yet calculatedCVE-2023-0105
MISC
google -- chromeInappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)2023-01-10not yet calculatedCVE-2023-0130
MISC
MISC
google -- chromeInappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-01-10not yet calculatedCVE-2023-0131
MISC
MISC
trellix -- application_and_change_controlProduct security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.2023-01-13not yet calculatedCVE-2023-0221
MISC
pyload -- pyloadInsufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.2023-01-12not yet calculatedCVE-2023-0227
CONFIRM
MISC
tuzicms -- tuzicmsA vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.2023-01-12not yet calculatedCVE-2023-0243
MISC
MISC
MISC
tuzicms -- tuzicmsA vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.2023-01-12not yet calculatedCVE-2023-0244
MISC
MISC
MISC
sourcecodester -- online-flight-booking-management-systemA vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability.2023-01-12not yet calculatedCVE-2023-0245
MISC
MISC
MISC
earthlink -- espcmsA vulnerability, which was classified as problematic, was found in earthlink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability.2023-01-12not yet calculatedCVE-2023-0246
MISC
MISC
MISC
bits-and-blooms -- bloomsUncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.2023-01-12not yet calculatedCVE-2023-0247
CONFIRM
MISC
wordpress -- wordpressThe Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-01-12not yet calculatedCVE-2023-0254
MISC
MISC
sourcecodester -- online_food_ordering_systemA vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184.2023-01-12not yet calculatedCVE-2023-0256
MISC
MISC
sourcecodester -- online_food_ordering_systemA vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability.2023-01-12not yet calculatedCVE-2023-0257
MISC
MISC
sourcecodester -- online_food_ordering_systemA vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input "><script>prompt(1)</script> leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability.2023-01-12not yet calculatedCVE-2023-0258
MISC
MISC
sourcecodester -- online_flight_booking_management_systemA vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276.2023-01-13not yet calculatedCVE-2023-0281
MISC
MISC
MISC
sourcecodester -- online_flight_booking_management_systemA vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability.2023-01-13not yet calculatedCVE-2023-0283
MISC
MISC
MISC
ityouknow -- favorites-webA vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.2023-01-13not yet calculatedCVE-2023-0287
MISC
MISC
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.2023-01-13not yet calculatedCVE-2023-0288
CONFIRM
MISC
webcalendar -- webcalendarCross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.2023-01-13not yet calculatedCVE-2023-0289
CONFIRM
MISC
wordpress -- wordpressThe Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views.2023-01-13not yet calculatedCVE-2023-0293
MISC
MISC
wordpress -- wordpressThe Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-01-13not yet calculatedCVE-2023-0294
MISC
MISC
wordpress -- wordpressThe Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-01-13not yet calculatedCVE-2023-0295
MISC
MISC
pyload -- pyloadCode Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.2023-01-14not yet calculatedCVE-2023-0297
MISC
CONFIRM
firefly-iii -- firefly-iiiImproper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.2023-01-14not yet calculatedCVE-2023-0298
MISC
CONFIRM
publify -- publifyImproper Input Validation in GitHub repository publify/publify prior to 9.2.10.2023-01-14not yet calculatedCVE-2023-0299
CONFIRM
MISC
alfio-event --alfi.ioCross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.2023-01-14not yet calculatedCVE-2023-0300
CONFIRM
MISC
alfio-event --alfi.ioCross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301.2023-01-14not yet calculatedCVE-2023-0301
CONFIRM
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycInsufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.2023-01-11not yet calculatedCVE-2023-20522
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycTOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.2023-01-11not yet calculatedCVE-2023-20523
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycInsufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.2023-01-11not yet calculatedCVE-2023-20525
MISC
amd -- multiple_productsImproper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.2023-01-11not yet calculatedCVE-2023-20527
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycInsufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.2023-01-11not yet calculatedCVE-2023-20528
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycInsufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.2023-01-11not yet calculatedCVE-2023-20529
MISC
amd -- 3rd_gen_epycInsufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.2023-01-11not yet calculatedCVE-2023-20530
MISC
amd -- 2nd_gen_epycInsufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.2023-01-11not yet calculatedCVE-2023-20531
MISC
amd -- 2nd_gen_epyc/3rd_gen_epycInsufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.2023-01-11not yet calculatedCVE-2023-20532
MISC
nextcloud -- security_advisoriesNextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.2023-01-14not yet calculatedCVE-2023-22470
MISC
MISC
nextcloud -- security_advisories
 
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2.2023-01-14not yet calculatedCVE-2023-22471
MISC
MISC
kubeoperator -- kubepiKubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.2023-01-14not yet calculatedCVE-2023-22478
MISC
MISC
MISC
kubeoperator -- kubeoperatorKubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.2023-01-14not yet calculatedCVE-2023-22480
MISC
MISC
MISC
flarum -- frameworkFlarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension.2023-01-11not yet calculatedCVE-2023-22487
MISC
MISC
flarum -- frameworkFlarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3.2023-01-12not yet calculatedCVE-2023-22488
MISC
MISC
flarum -- frameworkFlarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds.2023-01-13not yet calculatedCVE-2023-22489
MISC
MISC
MISC
gatsby -- gatsbyGatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner.2023-01-13not yet calculatedCVE-2023-22491
MISC
zitadel -- zitadelZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user’s session was already terminated (“logged out”) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). As a workaround, ensure the RefreshTokenExpiration in the OIDC settings of your instance is set according to your security requirements. This issue has been patched in versions 2.17.3 and 2.16.4.2023-01-11not yet calculatedCVE-2023-22492
MISC
MISC
MISC
rsshub -- rsshubRSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf.2023-01-13not yet calculatedCVE-2023-22493
MISC
MISC
MISC
maif -- izanamiIzanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.2023-01-14not yet calculatedCVE-2023-22495
MISC
MISC
netdata -- netdataNetdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.2023-01-14not yet calculatedCVE-2023-22496
MISC
netdata -- netdataNetdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.2023-01-14not yet calculatedCVE-2023-22497
MISC
MISC
inhands_network -- inrouter_302/inrouter_615InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection.2023-01-12not yet calculatedCVE-2023-22597
MISC
inhands_network -- inrouter_302/inrouter_615InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges.2023-01-12not yet calculatedCVE-2023-22598
MISC
inhands_network -- inrouter_302/inrouter_615
 
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information.2023-01-12not yet calculatedCVE-2023-22599
MISC
inhands_network -- inrouter_302/inrouter_615InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates.2023-01-12not yet calculatedCVE-2023-22600
MISC
inhands_network -- inrouter_302/inrouter_615InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.2023-01-12not yet calculatedCVE-2023-22601
MISC
apache -- shiroWhen using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`2023-01-14not yet calculatedCVE-2023-22602
MISC
tiki -- tikiTiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.2023-01-14not yet calculatedCVE-2023-22850
MISC
MISC
wordpress -- wordpressTiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.2023-01-14not yet calculatedCVE-2023-22851
MISC
MISC
tiki -- tiki
 
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.2023-01-14not yet calculatedCVE-2023-22852
MISC
MISC
tiki -- tiki
 
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.2023-01-14not yet calculatedCVE-2023-22853
MISC
MISC
growthexperiments -- growthexperimentsIn the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.2023-01-11not yet calculatedCVE-2023-22945
MISC
MISC
sugarcrm -- sugarcrmIn SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.2023-01-11not yet calculatedCVE-2023-22952
CONFIRM
secure_login -- secure_loginThe Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.2023-01-11not yet calculatedCVE-2023-22958
MISC
webchess -- webchessWebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).2023-01-11not yet calculatedCVE-2023-22959
MISC
MISC
personnummer -- personnummerThe personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.2023-01-11not yet calculatedCVE-2023-22963
MISC
MISC
linux -- kernelcbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).2023-01-12not yet calculatedCVE-2023-23454
MISC
MISC
MISC
linux -- kernelatm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).2023-01-12not yet calculatedCVE-2023-23455
MISC
MISC
MISC
upx -- upxA heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.2023-01-12not yet calculatedCVE-2023-23456
MISC
MISC
MISC
upx -- upxA Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.2023-01-12not yet calculatedCVE-2023-23457
MISC
MISC
MISC
linux -- kernelIn rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.2023-01-13not yet calculatedCVE-2023-23559
MISC
axigen -- axigenA 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.2023-01-13not yet calculatedCVE-2023-23566
MISC
MISC
MISC
MISC
tor -- safesocksThe SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.2023-01-14not yet calculatedCVE-2023-23589
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.