CVE List - 2023 / January
Showing 901 - 1000 of 2351 CVEs for January 2023 (Page 10 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-16317 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16318 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16319 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16320 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16321 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16322 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16323 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16324 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16325 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16326 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16327 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16328 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16329 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16330 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16331 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16332 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16333 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16334 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16335 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-16336 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service... |
| CVE-2017-14454 | 2023-01-11 | Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service... |
| CVE-2022-3437 | 2023-01-12 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow... |
| CVE-2023-23456 | 2023-01-12 | Upx: heap-buffer-overflow in packtmt::pack() |
| CVE-2017-5242 | 2023-01-12 | Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key |
| CVE-2022-25026 | 2023-01-12 | A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. |
| CVE-2022-25027 | 2023-01-12 | The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button... |
| CVE-2022-3145 | 2023-01-12 | An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. |
| CVE-2022-3341 | 2023-01-12 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and... |
| CVE-2022-3514 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-3515 | 2023-01-12 | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system... |
| CVE-2022-3573 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-3592 | 2023-01-12 | A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote... |
| CVE-2022-3613 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus... |
| CVE-2022-3628 | 2023-01-12 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow... |
| CVE-2022-3870 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-39182 | 2023-01-12 | H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation |
| CVE-2022-39183 | 2023-01-12 | Moodle Plugin - SAML Auth Open Redirect |
| CVE-2022-39184 | 2023-01-12 | EXFO - BV-10 Performance Endpoint Unit Authentication bypass |
| CVE-2022-39185 | 2023-01-12 | EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. |
| CVE-2022-39186 | 2023-01-12 | EXFO - BV-10 Performance Endpoint Unit Misconfiguration |
| CVE-2022-39187 | 2023-01-12 | Rumpus - FTP server Reflected cross-site scripting (RXSS) |
| CVE-2022-3977 | 2023-01-12 | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which... |
| CVE-2022-4037 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition... |
| CVE-2022-4131 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-4167 | 2023-01-12 | Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working... |
| CVE-2022-42704 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via... |
| CVE-2022-4342 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-4345 | 2023-01-12 | Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file |
| CVE-2022-4365 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2.... |
| CVE-2022-45728 | 2023-01-12 | Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2022-45729 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. |
| CVE-2022-46367 | 2023-01-12 | Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation |
| CVE-2022-46368 | 2023-01-12 | Rumpus - FTP server Cross-site request forgery (CSRF) – Create user |
| CVE-2022-46369 | 2023-01-12 | Rumpus - FTP server Persistent cross-site scripting (PXSS) – Unspecified vector |
| CVE-2022-46370 | 2023-01-12 | Rumpus - FTP server Improper Token Verification |
| CVE-2022-46371 | 2023-01-12 | Alotcer - AR7088H-A Information disclosure |
| CVE-2022-46372 | 2023-01-12 | Alotcer - AR7088H-A Authenticated Command execution |
| CVE-2022-46438 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description... |
| CVE-2022-46463 | 2023-01-12 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described... |
| CVE-2022-46472 | 2023-01-12 | Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete. |
| CVE-2022-46503 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name... |
| CVE-2022-46622 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. |
| CVE-2022-46623 | 2023-01-12 | Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2022-47102 | 2023-01-12 | A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name... |
| CVE-2022-4743 | 2023-01-12 | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2... |
| CVE-2022-47927 | 2023-01-12 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite... |
| CVE-2022-4842 | 2023-01-12 | A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system. |
| CVE-2023-0042 | 2023-01-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection... |
| CVE-2023-0227 | 2023-01-12 | Insufficient Session Expiration in pyload/pyload |
| CVE-2023-0247 | 2023-01-12 | Uncontrolled Search Path Element in bits-and-blooms/bloom |
| CVE-2023-22391 | 2023-01-12 | Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS) |
| CVE-2023-22393 | 2023-01-12 | Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop |
| CVE-2023-22394 | 2023-01-12 | Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls |
| CVE-2023-22395 | 2023-01-12 | Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity |
| CVE-2023-22396 | 2023-01-12 | Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS) |
| CVE-2023-22397 | 2023-01-12 | Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service |
| CVE-2023-22398 | 2023-01-12 | Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs |
| CVE-2023-22399 | 2023-01-12 | Junos OS: QFX10K Series: PFE crash upon receipt of specific genuine packets when sFlow is enabled |
| CVE-2023-22400 | 2023-01-12 | Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash |
| CVE-2023-22401 | 2023-01-12 | Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash |
| CVE-2023-22402 | 2023-01-12 | Junos OS Evolved: The kernel might restart in a BGP scenario where "bgp auto-discovery" is enabled and such a neighbor flaps |
| CVE-2023-22403 | 2023-01-12 | Junos OS: QFX10K Series: An ICCP flap will be observed due to excessive specific traffic |
| CVE-2023-22404 | 2023-01-12 | Junos OS: SRX Series and MX Series with SPC3: When IPsec VPN is configured iked will core when a specifically formatted payload is received |
| CVE-2023-22405 | 2023-01-12 | Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot |
| CVE-2023-22406 | 2023-01-12 | Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF |
| CVE-2023-22407 | 2023-01-12 | Junos OS and Junos OS Evolved: An RPD crash can happen due to an MPLS TE tunnel configuration change on a directly connected router |
| CVE-2023-22408 | 2023-01-12 | Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash |
| CVE-2023-22409 | 2023-01-12 | Junos OS: SRX Series, MX Series with SPC3: When an inconsistent NAT configuration exists and a specific CLI command is issued the SPC will reboot |
| CVE-2023-22410 | 2023-01-12 | Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak. |
| CVE-2023-22411 | 2023-01-12 | Junos OS: SRX Series: The flow processing daemon (flowd) will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device |
| CVE-2023-22412 | 2023-01-12 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if the SIP ALG is enabled and specific SIP messages are processed |
| CVE-2023-22413 | 2023-01-12 | Junos OS: MX Series: The Multiservices PIC Management Daemon (mspmand) will crash when an IPsec6 tunnel processes specific IPv4 packets |
| CVE-2023-22414 | 2023-01-12 | Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed |
| CVE-2023-22415 | 2023-01-12 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received |
| CVE-2023-22416 | 2023-01-12 | Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received |
| CVE-2023-22417 | 2023-01-12 | Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash |
| CVE-2023-23454 | 2023-01-12 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT... |
| CVE-2023-23455 | 2023-01-12 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather... |
| CVE-2023-23457 | 2023-01-12 | Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp |
| CVE-2022-24913 | 2023-01-12 | Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. |