CVE List - 2023 / January
Showing 1 - 100 of 2351 CVEs for January 2023 (Page 1 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-34322 | 2023-01-01 | Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be... |
| CVE-2022-34323 | 2023-01-01 | Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to... |
| CVE-2022-34324 | 2023-01-01 | Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. |
| CVE-2022-37785 | 2023-01-01 | An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. |
| CVE-2022-37786 | 2023-01-01 | An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and... |
| CVE-2022-37787 | 2023-01-01 | An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page. |
| CVE-2022-40711 | 2023-01-01 | PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Administrator role can inject an XSS payload to target higher-privilege users. |
| CVE-2022-45027 | 2023-01-01 | perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. |
| CVE-2022-45213 | 2023-01-01 | perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. |
| CVE-2022-47634 | 2023-01-01 | M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. |
| CVE-2022-47952 | 2023-01-01 | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open"... |
| CVE-2022-48198 | 2023-01-01 | The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application,... |
| CVE-2023-0028 | 2023-01-01 | Cross-site Scripting (XSS) - Stored in linagora/twake |
| CVE-2023-22551 | 2023-01-01 | The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remote attackers to cause a denial of service (memory consumption) by engaging in client activity,... |
| CVE-2018-25062 | 2023-01-01 | flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service |
| CVE-2018-25063 | 2023-01-01 | Zenoss Dashboard defaultportlets.js cross site scripting |
| CVE-2014-125030 | 2023-01-01 | taoeffect Empress hard-coded password |
| CVE-2023-0029 | 2023-01-01 | Multilaser RE708 Telnet Service denial of service |
| CVE-2010-10002 | 2023-01-01 | SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting |
| CVE-2013-10006 | 2023-01-01 | Ziftr primecoin bitcoinrpc.cpp HTTPAuthorized timing discrepancy |
| CVE-2015-10006 | 2023-01-01 | admont28 Ingnovarq insertarSliderAjax.php cross site scripting |
| CVE-2021-4297 | 2023-01-01 | trampgeek jobe Restapi.php runs_post Privilege Escalation |
| CVE-2019-13768 | 2023-01-02 | Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High) |
| CVE-2021-21200 | 2023-01-02 | Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... |
| CVE-2021-30558 | 2023-01-02 | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity:... |
| CVE-2022-0337 | 2023-01-02 | Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security... |
| CVE-2022-0801 | 2023-01-02 | Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) |
| CVE-2022-2742 | 2023-01-02 | Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-2743 | 2023-01-02 | Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions... |
| CVE-2022-3842 | 2023-01-02 | Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2022-3863 | 2023-01-02 | Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) |
| CVE-2022-4025 | 2023-01-02 | Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) |
| CVE-2022-48197 | 2023-01-02 | Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only... |
| CVE-2022-3460 | 2023-01-02 | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. |
| CVE-2014-125031 | 2023-01-02 | kirill2485 TekNet loggedin.php cross site scripting |
| CVE-2014-125032 | 2023-01-02 | porpeeranut go-with-me add.php sql injection |
| CVE-2014-125033 | 2023-01-02 | rails-cv-app uploaded_files_controller.rb path traversal |
| CVE-2021-4298 | 2023-01-02 | Hesburgh Libraries of Notre Dame Sipity search_criteria_for_works_parameter.rb SearchCriteriaForWorksParameter sql injection |
| CVE-2021-4299 | 2023-01-02 | cronvel string-kit naturalSort.js naturalSort redos |
| CVE-2016-15006 | 2023-01-02 | enigmaX Scrambling Table main.c getSeed prng seed |
| CVE-2022-42475 | 2023-01-02 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1,... |
| CVE-2019-25093 | 2023-01-02 | dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting |
| CVE-2014-125034 | 2023-01-02 | stiiv contact_app View.php render cross site scripting |
| CVE-2015-10007 | 2023-01-02 | 82Flex WEIPDCRM cross site scripting |
| CVE-2015-10008 | 2023-01-02 | 82Flex WEIPDCRM sql injection |
| CVE-2015-10009 | 2023-01-02 | nterchange code_caller_controller.php getContent code injection |
| CVE-2017-20161 | 2023-01-02 | rofl0r MacGeiger ESSID macgeiger.c dump_wlan_at injection |
| CVE-2023-22451 | 2023-01-02 | Weak password requirements in Kiwi TCMS |
| CVE-2014-125035 | 2023-01-02 | Jobs-Plugin cross site scripting |
| CVE-2014-125036 | 2023-01-02 | drybjed ansible-ntp main.yml amplification |
| CVE-2014-125037 | 2023-01-02 | License to Kill injury.rb sql injection |
| CVE-2014-125038 | 2023-01-02 | IS_Projecto2 NewsBean.java sql injection |
| CVE-2016-15007 | 2023-01-02 | Centralized-Salesforce-Dev-Framework SOQL SObjectService.cls SObjectService injection |
| CVE-2023-22452 | 2023-01-02 | Improper Input Validation in kenny2automate |
| CVE-2015-10010 | 2023-01-02 | OpenDNS OpenResolve API endpoints.py get cross site scripting |
| CVE-2015-10011 | 2023-01-02 | OpenDNS OpenResolve endpoints.py neutralization for logs |
| CVE-2022-4371 | 2023-01-02 | Web Invoice <= 2.1.3 - Authenticated SQLi |
| CVE-2022-4351 | 2023-01-02 | Qe SEO Handyman <= 1.0 - Admin+ SQLi |
| CVE-2022-4297 | 2023-01-02 | WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi |
| CVE-2022-4370 | 2023-01-02 | Multimedial Images <= 1.0b - Admin+ SQLi |
| CVE-2022-4059 | 2023-01-02 | Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi |
| CVE-2022-4357 | 2023-01-02 | LetsRecover < 1.2.0 - Unauthenticated SQLi |
| CVE-2022-3241 | 2023-01-02 | Build App Online < 1.0.19 - Unauthenticated SQL Injection |
| CVE-2022-4140 | 2023-01-02 | Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access |
| CVE-2022-4360 | 2023-01-02 | WP RSS By Publishers <= 0.1 - Admin+ SQLi |
| CVE-2022-4049 | 2023-01-02 | WP User <= 7.0 - Unauthenticated SQLi |
| CVE-2022-4198 | 2023-01-02 | WP Social Sharing <= 2.2 - Admin+ Stored XSS |
| CVE-2022-4340 | 2023-01-02 | BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id |
| CVE-2022-4356 | 2023-01-02 | LetsRecover < 1.2.0 - Admin+ SQLi |
| CVE-2022-4142 | 2023-01-02 | WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS |
| CVE-2022-4302 | 2023-01-02 | White Label CMS < 2.5 - Admin+ PHP Object Injection |
| CVE-2022-3994 | 2023-01-02 | Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure |
| CVE-2022-4355 | 2023-01-02 | LetsRecover < 1.2.0 - Admin+ SQLi |
| CVE-2022-4119 | 2023-01-02 | Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS |
| CVE-2022-3936 | 2023-01-02 | Team Members < 5.2.1 - Editor+ Stored XSS |
| CVE-2022-4359 | 2023-01-02 | WP RSS By Publishers <= 0.1 - Admin+ SQLi |
| CVE-2022-4358 | 2023-01-02 | WP RSS By Publishers <= 0.1 - Admin+ SQLi |
| CVE-2022-4362 | 2023-01-02 | Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4381 | 2023-01-02 | Popup Maker < 1.16.9 - Contributor+ Stored XSS via Subscription Form |
| CVE-2022-4417 | 2023-01-02 | WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API |
| CVE-2022-4114 | 2023-01-02 | Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-4324 | 2023-01-02 | Custom Field Template < 2.5.8 - Admin+ PHP Object Injection |
| CVE-2022-4373 | 2023-01-02 | Quote-O-Matic <= 1.0.5 - Admin+ SQLi |
| CVE-2022-4236 | 2023-01-02 | Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access |
| CVE-2022-4109 | 2023-01-02 | Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download |
| CVE-2022-4298 | 2023-01-02 | Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download |
| CVE-2022-4099 | 2023-01-02 | Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi |
| CVE-2022-4369 | 2023-01-02 | WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS |
| CVE-2022-4200 | 2023-01-02 | Login with Cognito <= 1.4.8 - Admin+ Stored XSS |
| CVE-2022-4352 | 2023-01-02 | Qe SEO Handyman <= 1.0 - Admin+ SQLi |
| CVE-2022-4256 | 2023-01-02 | All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS |
| CVE-2022-3911 | 2023-01-02 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin |
| CVE-2022-4057 | 2023-01-02 | Autoptimize < 3.1.0 - Sensitive Data Disclosure |
| CVE-2022-4329 | 2023-01-02 | Product list Widget for Woocommerce <= 1.0 - Reflected XSS |
| CVE-2022-4372 | 2023-01-02 | Web Invoice <= 2.1.3 - Authenticated SQLi |
| CVE-2022-4237 | 2023-01-02 | Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation |
| CVE-2022-4260 | 2023-01-02 | WP-Ban < 1.69.1 - Admin+ Stored XSS |
| CVE-2022-3860 | 2023-01-02 | Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi |
| CVE-2022-44036 | 2023-01-03 | In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature... |
| CVE-2021-32821 | 2023-01-03 | Regular expression Denial of Service in MooTools |