Vulnerability Summary for the Week of January 30, 2023

Released: Feb 16, 2023
Document ID: SB23-037

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| qnap -- qts | A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later; QTS 5.0.1.2234 build 20221201 and later | 2023-01-30 | 9.8 | CVE-2022-27596, MISC |
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | 2023-01-31 | 9.8 | CVE-2022-39060, MISC |
| sscms -- siteserver_cms | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | 2023-01-27 | 9.8 | CVE-2022-44298, MISC |
| limesurvey -- limesurvey | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-01-27 | 9.8 | CVE-2022-48008, MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | 2023-01-27 | 9.8 | CVE-2022-48011, MISC, MISC |
| bank_locker_management_system_project -- bank_locker_management_system | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. | 2023-01-28 | 9.8 | CVE-2023-0562, MISC, MISC, MISC |
| thinking_software_technology -- efence | Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | 2023-01-31 | 9.8 | CVE-2023-22900, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability. | 2023-01-28 | 8.8 | CVE-2023-0561, MISC, MISC, MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48070, MISC |
| phicomm -- k2_firmware | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48072, MISC |
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | 2023-01-31 | 7.5 | CVE-2022-39059, MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48071, MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48073, MISC |
| froxlor -- froxlor | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | 7.5 | CVE-2023-0564, CONFIRM, MISC |
| openmage -- magento | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. | 2023-01-27 | 7.2 | CVE-2021-39217, MISC, MISC, MISC, MISC |
| ayacms_project -- ayacms | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | 2023-01-27 | 7.2 | CVE-2022-48116, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability. | 2023-01-28 | 7.2 | CVE-2023-0560, MISC, MISC, MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupt partial services. | 2023-01-31 | 6.5 | CVE-2022-39061, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0528, MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0529, MISC, MISC, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | 2023-01-27 | 6.1 | CVE-2022-44024, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | 2023-01-27 | 6.1 | CVE-2022-44025, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | 2023-01-27 | 6.1 | CVE-2022-44026, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | 2023-01-27 | 6.1 | CVE-2022-44027, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | 2023-01-27 | 6.1 | CVE-2022-44028, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | 2023-01-27 | 6.1 | CVE-2022-44029, MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. | 2023-01-27 | 6.1 | CVE-2022-48012, MISC, MISC |
| jorani_project -- jorani | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | 2023-01-27 | 6.1 | CVE-2022-48118, MISC |
| piwigo -- piwigo | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | 2023-01-27 | 5.4 | CVE-2022-48007, MISC |
| limesurvey -- limesurvey | LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. | 2023-01-27 | 5.4 | CVE-2022-48010, MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields. | 2023-01-27 | 5.4 | CVE-2022-48013, MISC, MISC |
| bank_locker_management_system_project -- bank_locker_management_system | A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. | 2023-01-28 | 4.8 | CVE-2023-0563, MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600. | 2023-01-27 | 4.7 | CVE-2023-0531, MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0532, MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0533, MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603. | 2023-01-27 | 4.7 | CVE-2023-0534, MISC, MISC, MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordcraft -- wordcraft
 
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability.2023-01-29not yet calculatedCVE-2009-10003
MISC
MISC
MISC
MISC
fanzila -- webfinanceA vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.2023-02-03not yet calculatedCVE-2013-10015
MISC
MISC
MISC
fanzila -- webfinanceA vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055.2023-02-03not yet calculatedCVE-2013-10016
MISC
MISC
MISC
fanzila -- webfinanceA vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056.2023-02-04not yet calculatedCVE-2013-10017
MISC
MISC
MISC
fanzila -- webfinanceA vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability.2023-02-04not yet calculatedCVE-2013-10018
MISC
MISC
MISC
nrel -- api-umbrella-webA vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060.2023-02-04not yet calculatedCVE-2015-10072
MISC
MISC
MISC
MISC
mosbth -- cimageA vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.2023-01-29not yet calculatedCVE-2016-15022
MISC
MISC
MISC
MISC
sitefusion -- application_serverA vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability.2023-01-31not yet calculatedCVE-2016-15023
MISC
MISC
MISC
MISC
MISC
segmentio -- is-urlA vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability.2023-02-04not yet calculatedCVE-2018-25079
MISC
MISC
MISC
MISC
MISC
mobiledetect -- mobiledetectA vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.2023-02-04not yet calculatedCVE-2018-25080
MISC
MISC
MISC
MISC
MISC
sage -- frp_1000A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.2023-01-27not yet calculatedCVE-2019-25053
MISC
onshift -- turbogearsA vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059.2023-02-04not yet calculatedCVE-2019-25101
MISC
MISC
MISC
MISC
MISC
portfoliocms -- portfoliocmsWestbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation.2023-01-31not yet calculatedCVE-2020-20402
MISC
mremoteng -- mremotengAn issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file.2023-02-02not yet calculatedCVE-2020-24307
MISC
MISC
schnieder_electric -- multiple_products
 
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)2023-02-01not yet calculatedCVE-2021-22786
MISC
hewlett_packard -- hp_pc_bios
 
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.2023-02-01not yet calculatedCVE-2021-3439
MISC
phpwcms -- phpwcmsAn issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.2023-02-03not yet calculatedCVE-2021-36424
MISC
phpwcms -- phpwcmsDirectory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.2023-02-03not yet calculatedCVE-2021-36425
MISC
phpwcms -- phpwcmsFile Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.2023-02-03not yet calculatedCVE-2021-36426
MISC
jcoms -- jcomsSQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.2023-02-03not yet calculatedCVE-2021-36431
MISC
jcoms -- jcomsSQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php.2023-02-03not yet calculatedCVE-2021-36432
MISC
jcoms -- jcomsSQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php.2023-02-03not yet calculatedCVE-2021-36433
MISC
jcoms -- jcomsSQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php.2023-02-03not yet calculatedCVE-2021-36434
MISC
imcat -- imcatCross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.2023-02-03not yet calculatedCVE-2021-36443
MISC
imcat -- imcatCross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.2023-02-03not yet calculatedCVE-2021-36444
MISC
jizhicms -- jizhicmsSQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.2023-02-03not yet calculatedCVE-2021-36484
MISC
allegro -- allegroBuffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.2023-02-03not yet calculatedCVE-2021-36489
MISC
xpdfreader -- xpdfimagesBuffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.2023-02-03not yet calculatedCVE-2021-36493
MISC
native-php-cms -- native-php-cmsSQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.2023-02-03not yet calculatedCVE-2021-36503
MISC
portfoliocms  -- portfoliocmsRace condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.2023-02-03not yet calculatedCVE-2021-36532
MISC
cesanta_software -- mjsBuffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.2023-02-03not yet calculatedCVE-2021-36535
MISC
gurock_holding_gmbh -- testrailCross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.2023-02-03not yet calculatedCVE-2021-36538
MISC
tcpms -- tcpmsIncorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.2023-02-03not yet calculatedCVE-2021-36544
MISC
tcpms -- tcpmsCross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.2023-02-03not yet calculatedCVE-2021-36545
MISC
kitecms -- kitecmsIncorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.2023-02-03not yet calculatedCVE-2021-36546
MISC
fuel-cms -- fuel-cmsCross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.2023-02-03not yet calculatedCVE-2021-36569
MISC
fuel-cms -- fuel-cmsCross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.2023-02-03not yet calculatedCVE-2021-36570
MISC
yzmcms -- yzmcmsCross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.2023-02-03not yet calculatedCVE-2021-36712
MISC
MISC
modern_honey_network -- modern_honey_networkIncorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.2023-02-03not yet calculatedCVE-2021-37234
MISC
jeecg -- jeecgAn Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.2023-02-03not yet calculatedCVE-2021-37304
MISC
jeecg -- jeecgAn Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.2023-02-03not yet calculatedCVE-2021-37305
MISC
jeecg -- jeecgAn Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin.2023-02-03not yet calculatedCVE-2021-37306
MISC
fcitx5 -- fcitx5Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port.2023-02-03not yet calculatedCVE-2021-37311
MISC
MISC
asus -- rt-ac68uIncorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.2023-02-03not yet calculatedCVE-2021-37315
MISC
asus -- rt-ac68uSQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.2023-02-03not yet calculatedCVE-2021-37316
MISC
asus -- rt-ac68uDirectory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.2023-02-03not yet calculatedCVE-2021-37317
MISC
pbootcms -- pbootcmsSQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.2023-02-03not yet calculatedCVE-2021-37497
MISC
MISC
hdfgroup -- hdf5-h5dumpBuffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.2023-02-03not yet calculatedCVE-2021-37501
MISC
MISC
automad -- automadCross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.2023-02-03not yet calculatedCVE-2021-37502
MISC
vimium_extension -- vimium_extensionUniversal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.2023-02-03not yet calculatedCVE-2021-37518
MISC
MISC
memcached -- memcachedBuffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.2023-02-03not yet calculatedCVE-2021-37519
MISC
MISC
hp -- biosPotential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.2023-02-01not yet calculatedCVE-2021-3808
MISC
hp -- biosPotential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.2023-02-01not yet calculatedCVE-2021-3809
MISC
nyuccl -- psiturkA vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.2023-01-28not yet calculatedCVE-2021-4315
MISC
MISC
MISC
MISC
MISC
wireguard -- wireguardWireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless.2023-01-29not yet calculatedCVE-2021-46873
MISC
schneider_electric -- ecostruxure_power_commission
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
2023-01-30
not yet calculated
CVE-2022-0223
MISC
nemo-appium -- nemo-appium
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
2023-01-31
not yet calculated
CVE-2022-21129
MISC
MISC
MISC
ibm -- tivoli_workload_scheduler
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
2023-02-03
not yet calculated
CVE-2022-22486
MISC
MISC
schneider_electric -- ecostruxure_power_commission
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
2023-01-30
not yet calculated
CVE-2022-22731
MISC
schneider_electric -- ecostruxure_power_commission
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
2023-01-30
not yet calculated
CVE-2022-22732
MISC
schneider_electric -- igss_data_server
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
2023-02-01
not yet calculated
CVE-2022-2329
MISC
ip-label -- newtest
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.
2023-01-30
not yet calculated
CVE-2022-23334
MISC
MISC
MISC
hp_inc -- hp_support_assistant
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
2023-02-01
not yet calculated
CVE-2022-23453
MISC
hp_inc -- hp_support_assistant
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
2023-02-01
not yet calculated
CVE-2022-23454
MISC
hp_inc -- hp_support_assistant
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
2023-02-01
not yet calculated
CVE-2022-23455
MISC
grafana -- grafana
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
2023-02-03
not yet calculated
CVE-2022-23498
MISC
grafana -- grafana
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.
2023-01-27
not yet calculated
CVE-2022-23552
MISC
MISC
MISC
MISC
MISC
schneider_electric -- igss_data_server_igssdataserverexe
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
2023-02-01
not yet calculated
CVE-2022-24324
MISC
symfony -- symfony
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.
2023-02-03
not yet calculated
CVE-2022-24894
MISC
MISC
symfony -- symfony
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.
2023-02-03
not yet calculated
CVE-2022-24895
MISC
MISC
MISC
MISC
apache -- portable_runtime_utility
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
2023-01-31
not yet calculated
CVE-2022-24963
MISC
apache -- portable_runtime_utility
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
2023-01-31
not yet calculated
CVE-2022-25147
MISC
wordpress -- wordpress
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Note: This requires knowledge of a static secret key.
2023-02-02
not yet calculated
CVE-2022-2546
MISC
cache_semantics -- cache_semantics
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
2023-01-31
not yet calculated
CVE-2022-25881
MISC
MISC
MISC
snyk -- is-http2
All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
2023-02-01
not yet calculated
CVE-2022-25906
MISC
MISC
snyk -- mt7688-wiscan
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
2023-02-01
not yet calculated
CVE-2022-25916
MISC
MISC
MISC
snyk -- servst
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
2023-01-30
not yet calculated
CVE-2022-25936
MISC
MISC
MISC
snyk -- eta
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
2023-01-30
not yet calculated
CVE-2022-25967
MISC
MISC
MISC
MISC
snyk -- jsuites
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.
2023-01-31
not yet calculated
CVE-2022-25979
MISC
MISC
MISC
MISC
ami -- megarac_spx-12
AMI Megarac Password reset interception via API
2023-01-30
not yet calculated
CVE-2022-26872
MISC
hp -- bios
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
2023-02-01
not yet calculated
CVE-2022-27537
MISC
hp -- bios
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
2023-02-01
not yet calculated
CVE-2022-27538
MISC
apache -- portable_runtime_utility
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
2023-01-31
not yet calculated
CVE-2022-28331
MISC
schneider_electric -- somachine_hvac
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)
2023-01-30
not yet calculated
CVE-2022-2988
MISC
toshiba -- storage_security_software
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module.
2023-01-31
not yet calculated
CVE-2022-30421
MISC
MISC
MISC
MISC
landisgyr -- e850_zmq200
All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values.
2023-02-01
not yet calculated
CVE-2022-3083
MISC
bestechnic -- bluetooth_mesh_sdk
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.
2023-02-01
not yet calculated
CVE-2022-30904
MISC
cypress -- bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning, because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.
2023-02-01
not yet calculated
CVE-2022-31363
MISC
cypress -- bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
2023-02-01
not yet calculated
CVE-2022-31364
MISC
cloud_foundry -- diego/cf_deployment
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate.
2023-02-03
not yet calculated
CVE-2022-31733
MISC
notepad++ -- notepad++
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
2023-02-01
not yet calculated
CVE-2022-31902
MISC
MISC
dell -- bios
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
2023-02-01
not yet calculated
CVE-2022-32482
MISC
schneider_electric -- canbrass
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)
2023-01-30
not yet calculated
CVE-2022-32512
MISC
schneider_electric -- multiple_products
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
2023-01-30
not yet calculated
CVE-2022-32513
MISC
schneider_electric -- multiple_products
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
2023-01-30
not yet calculated
CVE-2022-32514
MISC
schneider_electric -- context_combox
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)
2023-01-30
not yet calculated
CVE-2022-32515
MISC
schneider_electric -- context_combox
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)
2023-01-30
not yet calculated
CVE-2022-32516
MISC
schneider_electric -- context_combox
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)
2023-01-30
not yet calculated
CVE-2022-32517
MISC
schneider_electric -- data_center_expert
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)
2023-01-30
not yet calculated
CVE-2022-32518
MISC
schneider_electric -- data_center_expert
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)
2023-01-30
not yet calculated
CVE-2022-32519
MISC
schneider_electric -- data_center_expert
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)
2023-01-30
not yet calculated
CVE-2022-32520
MISC
schneider_electric -- data_center_expert
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)
2023-01-30
not yet calculated
CVE-2022-32521
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32522
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32523
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32524
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32525
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32526
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32527
MISC
schneider_electric -- igss_data_server
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32528
MISC
schneider_electric -- igss_data_server
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30
not yet calculated
CVE-2022-32529
MISC
schneider_electric -- ecostruxure_cybersecurity_admin_expert
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
2023-01-30
not yet calculated
CVE-2022-32747
MISC
schneider_electric -- ecostruxure_cybersecurity_admin_expert
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
2023-01-30
not yet calculated
CVE-2022-32748
MISC
btcpay_server -- btcpay_server
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.
2023-01-31
not yet calculated
CVE-2022-32984
MISC
mitsubishi_electric_corporation -- multiple_products
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.
2023-02-02
not yet calculated
CVE-2022-33323
MISC
MISC
MISC
biltema -- ip/baby_camera_software
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
2023-02-03
not yet calculated
CVE-2022-34138
MISC
MISC
dell -- openmanage_server_administrator
Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.
2023-02-01
not yet calculated
CVE-2022-34396
MISC
dell -- bios
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.
2023-02-01
not yet calculated
CVE-2022-34398
MISC
dell -- bios
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
2023-02-01
not yet calculated
CVE-2022-34400
MISC
dell -- bios
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
2023-02-01
not yet calculated
CVE-2022-34403
MISC
dell -- rugged_control_center
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.
2023-02-01
not yet calculated
CVE-2022-34443
MISC
dell -- multiple_products
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
2023-02-01
not yet calculated
CVE-2022-34458
MISC
dell -- multiple_products
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
2023-02-01
not yet calculated
CVE-2022-34459
MISC
lenovo -- xclarity_controller
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
2023-01-30
not yet calculated
CVE-2022-34884
MISC
motorola -- mr2600
An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.
2023-01-30
not yet calculated
CVE-2022-34885
MISC
lenovo -- xclarity_controller
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.
2023-01-30
not yet calculated
CVE-2022-34888
MISC
pesign -- pesign
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
2023-02-02
not yet calculated
CVE-2022-3560
MISC
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.
2023-02-02
not yet calculated
CVE-2022-36401
MISC
dotcms -- tempfileapi
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely.
2023-02-01
not yet calculated
CVE-2022-37033
MISC
dotcms -- tempfileresource
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
2023-02-01
not yet calculated
CVE-2022-37034
MISC
docker -- docker
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container.
2023-01-31
not yet calculated
CVE-2022-37708
MISC
MISC
MISC
ibm -- tivoli_workload_scheduler
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
2023-02-03
not yet calculated
CVE-2022-38389
MISC
MISC
talos -- freshtomato
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
2023-01-30
not yet calculated
CVE-2022-38451
MISC
rapid7 -- multiple_products
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM.
2023-02-01
not yet calculated
CVE-2022-3913
MISC
MISC
grafana -- grafana
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
2023-01-27
not yet calculated
CVE-2022-39324
MISC
MISC
MISC
MISC
MISC
wire -- web-app
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result.
2023-01-27
not yet calculated
CVE-2022-39380
MISC
italtel -- netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | 2023-01-27 | not yet calculated | CVE-2022-39811
MISC
italtel -- netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. | 2023-01-27 | not yet calculated | CVE-2022-39812
MISC
italtel -- netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it. | 2023-01-27 | not yet calculated | CVE-2022-39813
MISC
hewlett_packard -- hpfsviewer | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. | 2023-02-01 | not yet calculated | CVE-2022-3990
MISC
lenovo -- multiple_products | An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40134
MISC
lenovo -- multiple_products | An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40135
MISC
lenovo -- multiple_products | An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40136
MISC
lenovo -- multiple_products | A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-01-30 | not yet calculated | CVE-2022-40137
MISC
ami -- megarac | AMI Megarac Weak password hashes for Redfish & API | 2023-01-31 | not yet calculated | CVE-2022-40258
MISC
mitsubishi_electric -- multiple_products | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | 2023-02-02 | not yet calculated | CVE-2022-40268
MISC
MISC
mitsubishi_electric -- multiple_products | Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 2023-02-02 | not yet calculated | CVE-2022-40269
MISC
MISC
hitachi -- storage_plug-in_for_vmware_vcenter | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | 2023-01-31 | not yet calculated | CVE-2022-4041
MISC
schneider_electric -- ecostruxure_power_commission | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | 2023-02-01 | not yet calculated | CVE-2022-4062
MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | 2023-02-02 | not yet calculated | CVE-2022-40692
MISC
gitlab -- gitlab | A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | 2023-01-27 | not yet calculated | CVE-2022-4201
CONFIRM
MISC
gitlab -- gitlab | In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | 2023-01-27 | not yet calculated | CVE-2022-4205
MISC
CONFIRM
gitlab -- gitlab | A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report. | 2023-02-01 | not yet calculated | CVE-2022-4206
CONFIRM
MISC
talos -- freshtomato | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2023-01-30 | not yet calculated | CVE-2022-42484
MISC
sssd -- sssd | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | 2023-02-01 | not yet calculated | CVE-2022-4254
MISC
MISC
MISC
MISC
gitlab -- gitlab | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. | 2023-01-27 | not yet calculated | CVE-2022-4255
MISC
CONFIRM
wepa -- print_away | WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. | 2023-02-03 | not yet calculated | CVE-2022-42908
CONFIRM
CONFIRM
wepa -- print_away | WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. | 2023-02-03 | not yet calculated | CVE-2022-42909
CONFIRM
CONFIRM
schneider_electric -- multiple_products | A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42970
MISC
schneider_electric -- multiple_products | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42971
MISC
schneider_electric -- multiple_products | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42972
MISC
schneider_electric -- multiple_products | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42973
MISC
wordpress -- wordpress | The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. | 2023-01-30 | not yet calculated | CVE-2022-4306
MISC
estsoft -- alyac | A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing the target process. An attacker can provide a malicious file to trigger this vulnerability. | 2023-02-02 | not yet calculated | CVE-2022-43665
MISC
ibm -- app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | 2023-02-01 | not yet calculated | CVE-2022-43922
MISC
MISC
wordpress -- wordpress | The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. | 2023-01-30 | not yet calculated | CVE-2022-4395
MISC
pandora_fms -- pandora_fms | There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | 2023-01-27 | not yet calculated | CVE-2022-43978
CONFIRM
pandora_fms -- pandora_fms | There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | 2023-01-27 | not yet calculated | CVE-2022-43979
CONFIRM
pandora_fms -- pandora_fms | There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie. | 2023-01-27 | not yet calculated | CVE-2022-43980
CONFIRM
hitachi -- storage_plug-in_for_vmware_vcenter | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | 2023-01-31 | not yet calculated | CVE-2022-4441
MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | 2023-02-02 | not yet calculated | CVE-2022-44585
MISC
apache -- linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3 | 2023-01-31 | not yet calculated | CVE-2022-44644
MISC
apache -- linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1. | 2023-01-31 | not yet calculated | CVE-2022-44645
MISC
wordpress -- wordpress | The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4470
MISC
wordpress -- wordpress | The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4472
MISC
apollotheme -- ap_pagebuilder | A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. | 2023-01-31 | not yet calculated | CVE-2022-44897
MISC
MISC
wordpress -- wordpress | The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. | 2023-01-30 | not yet calculated | CVE-2022-4496
MISC
MISC
MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-45067
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user with access to a local shell and the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to arbitrary command execution, denial of service, information disclosure, and data deletion. | 2023-02-01 | not yet calculated | CVE-2022-45095
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 2023-02-01 | not yet calculated | CVE-2022-45096
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 2023-02-01 | not yet calculated | CVE-2022-45097
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | 2023-02-01 | not yet calculated | CVE-2022-45098
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise. | 2023-02-01 | not yet calculated | CVE-2022-45099
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. | 2023-02-01 | not yet calculated | CVE-2022-45100
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. | 2023-02-01 | not yet calculated | CVE-2022-45101
MISC
dell -- emc_data_protection_central | Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections. | 2023-02-01 | not yet calculated | CVE-2022-45102
MISC
livebox -- collaboration_vdesk | An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. | 2023-01-31 | not yet calculated | CVE-2022-45172
MISC
eq -- eq | EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. | 2023-01-31 | not yet calculated | CVE-2022-45297
MISC
identityiq -- multiple_products | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | 2023-01-31 | not yet calculated | CVE-2022-45435
MISC
json.h -- json_parse_string | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45491
MISC
MISC
json.h -- json_parse_string | Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45492
MISC
MISC
json.h -- json_parse_string | Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45493
MISC
json.h -- json_parse_string | Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-01-31 | not yet calculated | CVE-2022-45494
MISC
MISC
MISC
MISC
json.h -- json_parse_string | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45496
MISC
MISC
wordpress -- wordpress | The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | 2023-01-30 | not yet calculated | CVE-2022-4552
MISC
wordpress -- wordpress | The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such an action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables. | 2023-01-30 | not yet calculated | CVE-2022-4553
MISC
talend -- remote_engine_gen_2 | XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. | 2023-02-03 | not yet calculated | CVE-2022-45588
MISC
MISC
joplin -- desktop_app | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows an attacker to execute arbitrary code via improper sanitization. | 2023-01-31 | not yet calculated | CVE-2022-45598
MISC
MISC
dotcms -- dotcms | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | 2023-02-01 | not yet calculated | CVE-2022-45782
MISC
dotcms -- dotcms | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | 2023-02-01 | not yet calculated | CVE-2022-45783
MISC
apache -- age | There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Python drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. | 2023-02-04 | not yet calculated | CVE-2022-45786
MISC
schneider_electric -- multiple_products | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) | 2023-01-30 | not yet calculated | CVE-2022-45788
MISC
schneider_electric -- multiple_products | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | 2023-01-31 | not yet calculated | CVE-2022-45789
MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-45807
MISC
xerox -- workcentre | On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | 2023-01-31 | not yet calculated | CVE-2022-45897
MISC
MISC
cloudschool -- cloudschool | CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. | 2023-01-30 | not yet calculated | CVE-2022-46087
MISC
MISC
delta_electronics -- cncsoft_screeneditor | All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | 2023-02-03 | not yet calculated | CVE-2022-4634
MISC
hp -- security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46356
MISC
hp -- security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46357
MISC
hp -- security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46358
MISC
hp -- security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46359
MISC
wordpress -- wordpress | The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4649
MISC
wordpress -- wordpress | The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4651
MISC
wordpress -- wordpress | The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4654
MISC
d-link -- dir-846 | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | 2023-02-02 | not yet calculated | CVE-2022-46552
MISC
MISC
MISC
MISC
MISC
MISC
responsive_filemanager -- responsive_filemanager | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | 2023-02-02 | not yet calculated | CVE-2022-46604
MISC
MISC
MISC
wordpress -- wordpress | The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4667
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2023-02-01 | not yet calculated | CVE-2022-46679
MISC
wordpress -- wordpress | The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4671
MISC
dell -- vxrail | Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker. | 2023-02-01 | not yet calculated | CVE-2022-46756
MISC
wordpress -- wordpress | The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-01-30 | not yet calculated | CVE-2022-4680
MISC
conditional_shipping_for_woocommerce -- conditional_shipping_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-46815
MISC
identityiq -- identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | 2023-01-31 | not yet calculated | CVE-2022-46835
MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-46842
MISC
kkfileview -- kkfileview | kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 2023-02-01 | not yet calculated | CVE-2022-46934
MISC
prestashop -- prestashop | The PrestaShop module totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. | 2023-02-02 | not yet calculated | CVE-2022-46965
MISC
MISC
MISC
revenue_collection_system -- revenue_collection_system | A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. | 2023-01-27 | not yet calculated | CVE-2022-46968
MISC
wordpress -- wordpress | The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4699
MISC
masa_cms -- masa_cms | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | 2023-02-01 | not yet calculated | CVE-2022-47002
MISC
MISC
mura_cms -- mura_cms | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | 2023-02-01 | not yet calculated | CVE-2022-47003
MISC
MISC
MISC
MISC
d-link -- dir-825 | Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. | 2023-01-31 | not yet calculated | CVE-2022-47035
MISC
MISC
nvs365 -- nvs365 | NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the URL will be sent to the server twice. In the second package, the server will return the correct password information. | 2023-02-03 | not yet calculated | CVE-2022-47070
MISC
MISC
academy_lms -- academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 2023-02-03 | not yet calculated | CVE-2022-47130
MISC
MISC
MISC
academy_lms -- academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | 2023-02-03 | not yet calculated | CVE-2022-47131
MISC
MISC
MISC
MISC
MISC
academy_lms -- academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | 2023-02-03 | not yet calculated | CVE-2022-47132
MISC
MISC
MISC
wordpress -- wordpress | The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4749
MISC
wordpress -- wordpress | The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4763
MISC
wordpress -- wordpress | The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4765
MISC
comfast -- cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. | 2023-01-31 | not yet calculated | CVE-2022-47697
MISC
comfast -- cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router. | 2023-01-31 | not yet calculated | CVE-2022-47698
MISC
comfast -- cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. | 2023-01-31 | not yet calculated | CVE-2022-47699
MISC
comfast -- cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. | 2023-01-31 | not yet calculated | CVE-2022-47700
MISC
comfast -- cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). | 2023-01-31 | not yet calculated | CVE-2022-47701
MISC
last_yard_22.09.8-1 -- last_yard_22.09.8-1 | Last Yard 22.09.8-1 does not enforce HSTS headers. | 2023-02-01 | not yet calculated | CVE-2022-47714
MISC
last_yard_22.09.8-1 -- last_yard_22.09.8-1 | In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic. | 2023-02-01 | not yet calculated | CVE-2022-47715
MISC
last_yard_22.09.8-1 -- last_yard_22.09.8-1 | Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | 2023-02-01 | not yet calculated | CVE-2022-47717
MISC
wordpress -- wordpress | The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4776
MISC
gin-vue-admin -- gin-vue-admin | In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | 2023-02-03 | not yet calculated | CVE-2022-47762
MISC
serenissima -- informatica_fast_checkin | Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | 2023-02-01 | not yet calculated | CVE-2022-47768
MISC
MISC
serenissima -- informatica_fast_checkin | An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | 2023-02-01 | not yet calculated | CVE-2022-47769
MISC
MISC
serenissima -- informatica_fast_checkin | Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. | 2023-02-01 | not yet calculated | CVE-2022-47770
MISC
MISC
MISC
bangresto -- bangresto | SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. | 2023-01-31 | not yet calculated | CVE-2022-47780
MISC
wordpress -- wordpress | The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2022-4781
MISC
i-librarian -- i-librarian | i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | 2023-01-31 | not yet calculated | CVE-2022-47854
MISC
MISC
wordpress -- wordpress | Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2022-4787
MISC
maccms10 -- maccms10 | maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). | 2023-02-01 | not yet calculated | CVE-2022-47872
MISC
netcad_keos -- netcad_keos | Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | 2023-01-31 | not yet calculated | CVE-2022-47873
MISC
wordpress -- wordpress | The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2022-4792
MISC
wordpress -- wordpress | The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2022-4793
MISC
wordpress -- wordpress | The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. | 2023-01-30 | not yet calculated | CVE-2022-4794
MISC
ibm -- infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. | 2023-02-01 | not yet calculated | CVE-2022-47983
MISC
MISC
taocms -- taocms | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | 2023-01-30 | not yet calculated | CVE-2022-48006
MISC
zammad -- zammad | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. | 2023-02-03 | not yet calculated | CVE-2022-48021
MISC
zammad -- zammad | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. | 2023-02-03 | not yet calculated | CVE-2022-48022
MISC
zammad -- zammad | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | 2023-02-03 | not yet calculated | CVE-2022-48023
MISC
nomachine -- nomachine | An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. | 2023-02-03 | not yet calculated | CVE-2022-48074
MISC
aapanel -- aapanel | Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | 2023-02-02 | not yet calculated | CVE-2022-48079
MISC
MISC
easyone_crm -- easyone_crm | Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | 2023-02-02 | not yet calculated | CVE-2022-48082
MISC
seacms -- seacms | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ip.php. | 2023-02-01 | not yet calculated | CVE-2022-48093
MISC
lmxcms -- lmxcms | lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | 2023-02-01 | not yet calculated | CVE-2022-48094
MISC
d-link -- dir-878 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | 2023-01-27 | not yet calculated | CVE-2022-48107
MISC
MISC
d-link -- dir-878 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | 2023-01-27 | not yet calculated | CVE-2022-48108
MISC
MISC
totolink -- n200re_v5 | A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | 2023-02-02 | not yet calculated | CVE-2022-48113
MISC
ruoyi -- ruoyi | RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | 2023-02-02 | not yet calculated | CVE-2022-48114
MISC
tenda -- w20e | Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | 2023-02-02 | not yet calculated | CVE-2022-48130
MISC
dedecms -- dedecms | DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | 2023-02-02 | not yet calculated | CVE-2022-48140
MISC
easy_images_v2.0 -- easy_images_v2.0 | Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. | 2023-02-01 | not yet calculated | CVE-2022-48161
MISC
wavlink -- wl-wn530h4 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 2023-02-03 | not yet calculated | CVE-2022-48165
MISC
MISC
rukovoditel -- rukovoditel | Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | 2023-01-30 | not yet calculated | CVE-2022-48175
MISC
netgear -- multiple_products | Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | 2023-01-31 | not yet calculated | CVE-2022-48176
MISC
MISC
MISC
wordpress -- wordpress | The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4828
MISC
jszip -- jszip | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | 2023-01-29 | not yet calculated | CVE-2022-48285
MISC
MISC
MISC
MISC
gnu -- tar | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | 2023-01-30 | not yet calculated | CVE-2022-48303
MISC
MISC
wordpress -- wordpress | The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4831
MISC
wordpress -- wordpress | The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4834
MISC
wordpress -- wordpress | The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4835
MISC
wordpress -- wordpress | The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4837
MISC
wordpress -- wordpress | The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, and does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'. | 2023-01-30 | not yet calculated | CVE-2022-4872
MISC
octopus_deploy -- octopus_server | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07; however, it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS. | 2023-01-31 | not yet calculated | CVE-2022-4898
MISC
wordpress -- wordpress | The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0033
MISC
wordpress -- wordpress | The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0071
MISC
wordpress -- wordpress | The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0074
MISC
wordpress -- wordpress | The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0097
MISC
delta_electronics -- dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | not yet calculated | CVE-2023-0123
MISC
delta_electronics -- dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | not yet calculated | CVE-2023-0124
MISC
linux -- kernel | There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked request's identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | 2023-01-30 | not yet calculated | CVE-2023-0240
MISC
MISC
MISC
wordpress -- wordpress | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-02-02 | not yet calculated | CVE-2023-0253
MISC
MISC
MISC
linux -- kernel | A use-after-free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. | 2023-01-30 | not yet calculated | CVE-2023-0266
MISC
MISC
MISC
editorconfig -- editorconfig_c_core | A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. | 2023-02-01 | not yet calculated | CVE-2023-0341
MISC
MISC
trellix -- data_loss_prevention | The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local drive was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | 2023-02-02 | not yet calculated | CVE-2023-0400
MISC
orangescrum -- orangescrum | OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. | 2023-02-01 | not yet calculated | CVE-2023-0454
MISC
MISC
google -- chrome | Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-01-30 | not yet calculated | CVE-2023-0471
MISC
MISC
google -- chrome | Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-01-30 | not yet calculated | CVE-2023-0472
MISC
MISC
google -- chrome | Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-30 | not yet calculated | CVE-2023-0473
MISC
MISC
google -- chrome | Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) | 2023-01-30 | not yet calculated | CVE-2023-0474
MISC
MISC
vim -- vim | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | 2023-01-30 | not yet calculated | CVE-2023-0512
MISC
CONFIRM
tenable -- multiple_products | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | 2023-02-01 | not yet calculated | CVE-2023-0524
MISC
yafnet -- yafnet | A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. | 2023-01-27 | not yet calculated | CVE-2023-0549
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts. | 2023-01-27 | not yet calculated | CVE-2023-0550
MISC
MISC
MISC
wordpress -- wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-01-27 | not yet calculated | CVE-2023-0553
MISC
MISC
MISC
wordpress -- wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-01-27 | not yet calculated | CVE-2023-0554
MISC
MISC
MISC
wordpress -- wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. | 2023-01-27 | not yet calculated | CVE-2023-0555
MISC
MISC
MISC
wordpress -- wordpress | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating. | 2023-01-27 | not yet calculated | CVE-2023-0556
MISC
MISC
MISC
wordpress -- wordpress | The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts. | 2023-01-27 | not yet calculated | CVE-2023-0557
MISC
MISC
MISC
wordpress -- wordpress | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | 2023-01-27 | not yet calculated | CVE-2023-0558
MISC
MISC
MISC
froxlor -- froxlor | Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0565
CONFIRM
MISC
froxlor -- froxlor | Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0566
CONFIRM
MISC
publify -- publify | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | 2023-01-29 | not yet calculated | CVE-2023-0569
CONFIRM
MISC
sourcecodester -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability. | 2023-01-29 | not yet calculated | CVE-2023-0570
MISC
MISC
MISC
sourcecodester -- canteen_management_system | A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability. | 2023-01-29 | not yet calculated | CVE-2023-0571
MISC
MISC
MISC
froxlor -- froxlor | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0572
CONFIRM
MISC
yugabyte -- yugabyte | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte DB: v2.17.0.0. | 2023-02-02 | not yet calculated | CVE-2023-0576
MISC
wordpress -- wordpress | The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklisted via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. | 2023-01-30 | not yet calculated | CVE-2023-0581
MISC
MISC
tenable -- micro_apex_one_server_build | A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | 2023-02-01 | not yet calculated | CVE-2023-0587
MISC
ubireader -- ubireader | ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5. | 2023-01-31 | not yet calculated | CVE-2023-0591
MISC
MISC
jefferson -- jffs2 | A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. | 2023-01-31 | not yet calculated | CVE-2023-0592
MISC
MISC
yaffshiv -- yaffshiv | A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. | 2023-01-31 | not yet calculated | CVE-2023-0593
MISC
MISC
rapid7 -- metasploit_pro | Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. | 2023-02-01 | not yet calculated | CVE-2023-0599
MISC
ampache -- ampache | Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. | 2023-02-01 | not yet calculated | CVE-2023-0606
MISC
CONFIRM
projectsend -- projectsend | Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. | 2023-02-01 | not yet calculated | CVE-2023-0607
MISC
CONFIRM
microweber -- microweber | Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. | 2023-02-01 | not yet calculated | CVE-2023-0608
MISC
CONFIRM
wallabag -- wallabag | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | 2023-02-01 | not yet calculated | CVE-2023-0609
MISC
CONFIRM
wallabag -- wallabag | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | 2023-02-01 | not yet calculated | CVE-2023-0610
MISC
CONFIRM
trendnet -- tew-652brp_3.04b01 | A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. | 2023-02-01 | not yet calculated | CVE-2023-0611
MISC
MISC
trendnet -- tew-811dru | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936. | 2023-02-01 | not yet calculated | CVE-2023-0612
MISC
MISC
trendnet -- tew-811dru | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0613
MISC
MISC
trendnet -- tew-811dru | A vulnerability was found in TRENDnet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0617
MISC
MISC
trendnet -- tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0618
MISC
MISC
wordpress -- wordpress | The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. | 2023-02-01 | not yet calculated | CVE-2023-0619
MISC
MISC
shadow-utils -- shadow-utils | An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command. | 2023-02-02 | not yet calculated | CVE-2023-0634
MISC
MISC
MISC
MISC
trendnet -- tew-811dru | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0637
MISC
MISC
trendnet -- tew-811dru | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0638
MISC
MISC
trendnet -- tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | 2023-02-02 | not yet calculated | CVE-2023-0639
MISC
MISC
trendnet -- tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | 2023-02-02 | not yet calculated | CVE-2023-0640
MISC
MISC
phpgurukul -- employee_leaves_management_system | A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0641
MISC
MISC
MISC
squidex -- squidex | Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | 2023-02-02 | not yet calculated | CVE-2023-0642
MISC
CONFIRM
squidex -- squidex | Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | 2023-02-02 | not yet calculated | CVE-2023-0643
CONFIRM
MISC
dst-admin -- dst-admin | A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0646
MISC
MISC
MISC
dst-admin -- dst-admin | A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0647
MISC
MISC
MISC
dst-admin -- dst-admin | A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | 2023-02-02 | not yet calculated | CVE-2023-0648
MISC
MISC
MISC
dst-admin -- dst-admin | A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | 2023-02-02 | not yet calculated | CVE-2023-0649
MISC
MISC
MISC
yafnet -- yafnet | A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0650
MISC
MISC
MISC
MISC
MISC
MISC
fastcms -- fastcms | A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0651
MISC
MISC
MISC
MISC
multilaser -- re057/ re170 | A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | 2023-02-03 | not yet calculated | CVE-2023-0658
MISC
MISC
bdcom -- 1704-wgl | A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. | 2023-02-03 | not yet calculated | CVE-2023-0659
MISC
MISC
calendar_event_management_system -- calendar_event_management_system | A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. | 2023-02-03 | not yet calculated | CVE-2023-0663
MISC
MISC
MISC
froxlor -- froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-02-04 | not yet calculated | CVE-2023-0671
CONFIRM
MISC
sourcecodester -- online_eyewear_shop | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. | 2023-02-04 | not yet calculated | CVE-2023-0673
MISC
MISC
xxl-job -- xxl-job | A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | 2023-02-04 | not yet calculated | CVE-2023-0674
MISC
MISC
MISC
calendar_event_management_system -- calendar_event_management_system | A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2023-0675
MISC
MISC
MISC
phpipam -- phpipam | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0676
MISC
CONFIRM
phpipam -- phpipam | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0677
CONFIRM
MISC
phpipam -- phpipam | Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0678
MISC
CONFIRM
vmware -- workstation | VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | 2023-02-03 | not yet calculated | CVE-2023-20854
MISC
vmware -- vrealize_operations | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | 2023-02-01 | not yet calculated | CVE-2023-20856
MISC
f5 -- big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22281
MISC
f5 -- apm_clients | On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22283
MISC
f5 -- big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22302
MISC
snap_one -- wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. | 2023-01-30 | not yet calculated | CVE-2023-22315
MISC
omron -- cx-motion_pro | Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. | 2023-01-30 | not yet calculated | CVE-2023-22322
MISC
f5 -- big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22323
MISC
contec -- conprosys_hmi_system | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | 2023-01-30 | not yet calculated | CVE-2023-22324
MISC
MISC
MISC
f5 -- big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22326
MISC
pgpool_globabl_development_group -- pgpool-ii | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. | 2023-01-30 | not yet calculated | CVE-2023-22332
MISC
MISC
first_net_japan -- easymail | Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-01-30 | not yet calculated | CVE-2023-22333
MISC
MISC
f5 -- big-ip | On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22340
MISC
f5 -- big-ip | On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22341
MISC
f5 -- apm_clients | In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22358
MISC
f5 -- big-ip | In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22374
MISC
snap_one -- wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore -> Backup Settings, which could be read by any user accessing the file. | 2023-01-30 | not yet calculated | CVE-2023-22389
MISC
f5 -- big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22418
MISC
f5 -- big-ip | On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22422
MISC
parse_server -- parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. The correct IP address determination now requires to set the Parse Server option `trustProxy`. | 2023-02-03 | not yet calculated | CVE-2023-22474
MISC
MISC
atlassian -- jira | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account. | 2023-02-01 | not yet calculated | CVE-2023-22501
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | 2023-02-01 | not yet calculated | CVE-2023-22572
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. | 2023-02-01 | not yet calculated | CVE-2023-22573
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | 2023-02-01 | not yet calculated | CVE-2023-22574
MISC
dell -- powerscale_onefs | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. | 2023-02-01 | not yet calculated | CVE-2023-22575
MISC
ecostruxure -- geo_scada_expert | A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) | 2023-01-31 | not yet calculated | CVE-2023-22610
MISC
ecostruxure -- geo_scada_expert | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) | 2023-01-31 | not yet calculated | CVE-2023-22611
MISC
f5 -- f5os | On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22657
MISC
f5 -- big-ip | On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22664
MISC
wireapp -- wire-server | wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-22737
MISC
MISC
MISC
MISC
ckan -- ckan | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images). | 2023-02-03 | not yet calculated | CVE-2023-22746
MISC
MISC
MISC
f5 -- big-ip | On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22839
MISC
f5 -- big-ip | On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22842
MISC
apache_software -- apache_sling_app | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 | 2023-02-04 | not yet calculated | CVE-2023-22849
MISC
jfinal_cms -- jfinal_cms | jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-02-03 | not yet calculated | CVE-2023-22975
MISC
zoho -- manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 2023-02-01 | not yet calculated | CVE-2023-23073
MISC
zoho -- manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 2023-02-01 | not yet calculated | CVE-2023-23074
MISC
zoho -- asset_explorer | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | 2023-02-01 | not yet calculated | CVE-2023-23075
MISC
zoho -- support_center | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 2023-02-01 | not yet calculated | CVE-2023-23076
MISC
zoho -- manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 2023-02-01 | not yet calculated | CVE-2023-23077
MISC
zoho -- manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 2023-02-01 | not yet calculated | CVE-2023-23078
MISC
kodi -- home_theater_softwareA heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.2023-02-03not yet calculatedCVE-2023-23082
MISC
MISC
MISC
MISC
MISC
mojojson -- mojojson | Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. | 2023-02-03 | not yet calculated | CVE-2023-23086
mojojson -- mojojson | An issue in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. | 2023-02-03 | not yet calculated | CVE-2023-23087
json-parser -- json-parser | Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0 (fixed in v1.1.1) allows an attacker to execute arbitrary code via the json_value_parse function. | 2023-02-03 | not yet calculated | CVE-2023-23088
netgear -- multiple_products | An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | 2023-02-02 | not yet calculated | CVE-2023-23110
ubiquiti -- airfiber_af2x_radio | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | 2023-02-02 | not yet calculated | CVE-2023-23119
trendnet -- tv-ip651wi | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | 2023-02-02 | not yet calculated | CVE-2023-23120
selfwealth -- ios_mobile_app_3.3.1 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | 2023-02-01 | not yet calculated | CVE-2023-23131
selfwealth -- ios_mobile_app_3.3.1 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | 2023-02-01 | not yet calculated | CVE-2023-23132
ftdms -- ftdms | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. | 2023-02-01 | not yet calculated | CVE-2023-23135
lmxcms -- lmxcms | lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | 2023-02-01 | not yet calculated | CVE-2023-23136
ibm -- automation_decision_services | IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. | 2023-02-01 | not yet calculated | CVE-2023-23469
ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | 2023-02-03 | not yet calculated | CVE-2023-23477
f5 -- big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-23552
f5 -- big-ip | On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-23555
snap_one -- wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. | 2023-01-30 | not yet calculated | CVE-2023-23582
discourse -- discourse | Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | 2023-02-03 | not yet calculated | CVE-2023-23615
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. | 2023-01-28 | not yet calculated | CVE-2023-23616
openmage_lts -- openmage_lts | OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in the malicious code filter under certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23617
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23620
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23621
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use. | 2023-01-28 | not yet calculated | CVE-2023-23624
sanitize -- sanitize | Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist. | 2023-01-28 | not yet calculated | CVE-2023-23627
metabase -- metabase | Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23628
metabase -- metabase | Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround. | 2023-01-28 | not yet calculated | CVE-2023-23629
eta_dev -- eta | Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`. | 2023-02-01 | not yet calculated | CVE-2023-23630
jellyfin -- jellyfin-web | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | not yet calculated | CVE-2023-23635
jellyfin -- jellyfin-web | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | not yet calculated | CVE-2023-23636
dell -- data_domain | Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | 2023-02-01 | not yet calculated | CVE-2023-23692
joomla!_project -- joomla!_cms | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | 2023-02-01 | not yet calculated | CVE-2023-23750
joomla!_project -- joomla!_cms | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | 2023-02-01 | not yet calculated | CVE-2023-23751
open5gs -- open5gs | Due to insufficient length validation in the Open5GS GTP library versions prior to 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 2023-02-01 | not yet calculated | CVE-2023-23846
dompdf -- dompdf | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they can provide an SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead at the very least to arbitrary file deletion and even remote code execution, depending on the classes that are available. | 2023-02-01 | not yet calculated | CVE-2023-23924
switcherapie -- switcher-client-master | Switcher Client is a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (ReDoS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. | 2023-02-03 | not yet calculated | CVE-2023-23925
reason-jose -- reason-jose | reason-jose is a JOSE implementation in ReasonML and OCaml. `Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2. | 2023-02-01 | not yet calculated | CVE-2023-23928
opendds -- opendds | OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | 2023-02-03 | not yet calculated | CVE-2023-23932
opensearch-project -- anomaly-detection | OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. | 2023-02-03 | not yet calculated | CVE-2023-23933
pimcore -- pimcore | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | 2023-02-03 | not yet calculated | CVE-2023-23937
openzeppelin -- cairo-contracts | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. | 2023-02-03 | not yet calculated | CVE-2023-23940
shopware -- swagpaypal | SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. | 2023-02-03 | not yet calculated | CVE-2023-23941
djangoproject -- django | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | 2023-02-01 | not yet calculated | CVE-2023-23969
snap_one -- wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. | 2023-01-30 | not yet calculated | CVE-2023-24020
progress -- ws_ftp | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 2023-02-03 | not yet calculated | CVE-2023-24029
wordpress -- wordpress | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | 2023-01-29 | not yet calculated | CVE-2023-24065
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | 2023-02-03 | not yet calculated | CVE-2023-24138
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24139
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24140
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24141
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24142
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24143
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | 2023-02-03 | not yet calculated | CVE-2023-24144
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | 2023-02-03 | not yet calculated | CVE-2023-24145
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | 2023-02-03 | not yet calculated | CVE-2023-24146
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. | 2023-02-03 | not yet calculated | CVE-2023-24147
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | 2023-02-03 | not yet calculated | CVE-2023-24148
totolink -- ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow. | 2023-02-03 | not yet calculated | CVE-2023-24149
totolink -- t8 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24150
totolink -- t8 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24151
totolink -- t8 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24152
totolink -- t8 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24153
totolink -- t8 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | 2023-02-03 | not yet calculated | CVE-2023-24154
totolink -- t8 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | 2023-02-03 | not yet calculated | CVE-2023-24155
totolink -- t8 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24156
totolink -- t8 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24157
dromara -- hutool | Deserialization vulnerability in Dromara Hutool v5.8.11 allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | 2023-01-31 | not yet calculated | CVE-2023-24162
dromara -- hutool | SQL injection vulnerability in Dromara hutool v5.8.11 allows an attacker to execute arbitrary code via the aviator template engine. | 2023-01-31 | not yet calculated | CVE-2023-24163
forget_heart_message_box -- forget_heart_message_box | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. | 2023-02-01 | not yet calculated | CVE-2023-24241
dell -- enterprise_sonic_os | Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. | 2023-02-02 | not yet calculated | CVE-2023-24574
dell -- networker_nve | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. | 2023-02-03 | not yet calculated | CVE-2023-24576
dell -- networker_nve | NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. | 2023-02-01 | not yet calculated | CVE-2023-24610
pdfbook -- pdfbook | The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | 2023-01-30 | not yet calculated | CVE-2023-24612
array_networks -- ag_vxag_ui | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. | 2023-02-03 | not yet calculated | CVE-2023-24613
safeurl-python -- safeurl-python | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. | 2023-01-30 | not yet calculated | CVE-2023-24622
paranoidhttp -- paranoidhttp | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. | 2023-01-30 | not yet calculated | CVE-2023-24623
apache -- iotdb | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. | 2023-01-31 | not yet calculated | CVE-2023-24829
apache -- iotdb | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. | 2023-01-30 | not yet calculated | CVE-2023-24830
forget_heart_message_box -- forget_heart_message_box | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. | 2023-02-01 | not yet calculated | CVE-2023-24956
apache -- inlong | Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. | 2023-02-01 | not yet calculated | CVE-2023-24977
apache -- inlong | Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it. | 2023-02-01 | not yet calculated | CVE-2023-24997
linux -- kernel | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | 2023-02-02 | not yet calculated | CVE-2023-25012
typo3 -- femanager_extension | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | 2023-02-02 | not yet calculated | CVE-2023-25013
typo3 -- femanager_extension | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | 2023-02-02 | not yet calculated | CVE-2023-25014
clockwork_web -- clockwork_web | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 2023-02-02 | not yet calculated | CVE-2023-25015
vbulletin -- vbulletin | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. | 2023-02-03 | not yet calculated | CVE-2023-25135
openssh -- openssh_server | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy." | 2023-02-03 | not yet calculated | CVE-2023-25136
glibc -- glibc | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | 2023-02-03 | not yet calculated | CVE-2023-25139
harfbuzz -- harfbuzz | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | 2023-02-04 | not yet calculated | CVE-2023-25193
