CVE List - 2023 / January
Showing 1401 - 1500 of 2351 CVEs for January 2023 (Page 15 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45613 | 2023-01-18 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2022-45922 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered.... |
| CVE-2022-45923 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and... |
| CVE-2022-45924 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem. |
| CVE-2022-45925 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP... |
| CVE-2022-45926 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. |
| CVE-2022-45927 | 2023-01-18 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server.... |
| CVE-2022-45928 | 2023-01-18 | A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML... |
| CVE-2022-46505 | 2023-01-18 | An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data. |
| CVE-2022-47881 | 2023-01-18 | Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of-Bounds Read vulnerability. |
| CVE-2022-47950 | 2023-01-18 | An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary... |
| CVE-2022-47966 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the... |
| CVE-2023-0040 | 2023-01-18 | Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP... |
| CVE-2023-0164 | 2023-01-18 | OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. |
| CVE-2023-0358 | 2023-01-18 | Use After Free in gpac/gpac |
| CVE-2023-21579 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability |
| CVE-2023-21581 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21585 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21601 | 2023-01-18 | Adobe Dimension OBJ File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-21603 | 2023-01-18 | Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21604 | 2023-01-18 | Adobe Acrobat Reader Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2023-21605 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Arbitrary code execution |
| CVE-2023-21606 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21607 | 2023-01-18 | Adobe Acrobat Reader Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-21608 | 2023-01-18 | Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-21609 | 2023-01-18 | Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21610 | 2023-01-18 | Adobe Acrobat Reader Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2023-21611 | 2023-01-18 | Adobe Acrobat Reader Creation of Temporary File in Directory with Incorrect Permissions Privilege escalation |
| CVE-2023-21612 | 2023-01-18 | Adobe Acrobat Reader Creation of Temporary File in Directory with Incorrect Permissions Privilege escalation |
| CVE-2023-21613 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21614 | 2023-01-18 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-22809 | 2023-01-18 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries... |
| CVE-2023-21860 | 2023-01-18 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31... |
| CVE-2022-41989 | 2023-01-18 | CVE-2022-41989 |
| CVE-2022-43455 | 2023-01-18 | CVE-2022-43455 |
| CVE-2022-43483 | 2023-01-18 | CVE-2022-43483 |
| CVE-2022-45127 | 2023-01-18 | CVE-2022-45127 |
| CVE-2022-45444 | 2023-01-18 | CVE-2022-45444 |
| CVE-2022-46733 | 2023-01-18 | CVE-2022-46733 |
| CVE-2022-47395 | 2023-01-18 | CVE-2022-47395 |
| CVE-2022-47911 | 2023-01-18 | CVE-2022-47911 |
| CVE-2022-47917 | 2023-01-18 | CVE-2022-47917 |
| CVE-2015-10067 | 2023-01-18 | oznetmaster SSharpSmartThreadPool SmartThreadPool.cs race condition |
| CVE-2018-25077 | 2023-01-18 | melnaron mel-spintax spintax.js redos |
| CVE-2020-36651 | 2023-01-18 | youngerheart nodeserver nodeserver.js path traversal |
| CVE-2022-25901 | 2023-01-18 | Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Cookie.parse function, which uses an insecure regular expression. |
| CVE-2022-34456 | 2023-01-18 | Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands... |
| CVE-2022-34393 | 2023-01-18 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-34460 | 2023-01-18 | Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in... |
| CVE-2022-34401 | 2023-01-18 | Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to... |
| CVE-2010-10007 | 2023-01-18 | lierdakil click-reminder BaseAction.php db_query sql injection |
| CVE-2022-32490 | 2023-01-18 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. |
| CVE-2022-34462 | 2023-01-18 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to... |
| CVE-2022-34442 | 2023-01-18 | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially... |
| CVE-2015-10068 | 2023-01-18 | danynab movify-j ReviewServiceImpl.java getByMovieId sql injection |
| CVE-2020-36653 | 2023-01-18 | GENI Portal error-text.php cross site scripting |
| CVE-2020-36654 | 2023-01-18 | GENI Portal sliceresource.php no_invocation_id_error cross site scripting |
| CVE-2023-0214 | 2023-01-18 | XSS in Skyhigh Security SWG |
| CVE-2022-34435 | 2023-01-18 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability... |
| CVE-2022-34436 | 2023-01-18 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability... |
| CVE-2022-34399 | 2023-01-18 | Dell Alienware m17 R5 BIOS versions prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than... |
| CVE-2022-34457 | 2023-01-18 | Dell Command Configuration, version 4.8 and prior, contains an improper folder permission vulnerability when installed to a non-default, unsecured path, which leads to privilege escalation. This is critical severity... |
| CVE-2023-0385 | 2023-01-18 | The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on... |
| CVE-2022-45103 | 2023-01-18 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading... |
| CVE-2017-20172 | 2023-01-18 | ridhoq soundslike songs.py get_song_relations sql injection |
| CVE-2021-4314 | 2023-01-18 | It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the... |
| CVE-2011-10001 | 2023-01-18 | iamdroppy phoenixcf articles.cfm sql injection |
| CVE-2012-10006 | 2023-01-18 | ale7714 sigeprosi sql injection |
| CVE-2017-20173 | 2023-01-18 | AlexRed contentmap contentmap.php Load sql injection |
| CVE-2022-20965 | 2023-01-18 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileged actions within the web-based management interface. This vulnerability is... |
| CVE-2022-20966 | 2023-01-18 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based... |
| CVE-2022-20964 | 2023-01-18 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is... |
| CVE-2022-20967 | 2023-01-18 | A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based... |
| CVE-2022-47990 | 2023-01-18 | IBM AIX denial of service |
| CVE-2023-22592 | 2023-01-18 | IBM Robotic Process Automation for Cloud Pak insufficient permission settings |
| CVE-2023-22594 | 2023-01-18 | IBM Robotic Process Automation for Cloud Pak cross-site scripting |
| CVE-2023-22863 | 2023-01-18 | IBM Robotic Process Automation information disclosure |
| CVE-2023-0242 | 2023-01-18 | Insufficient permission check in the VQL copy() function |
| CVE-2010-10009 | 2023-01-18 | frioux ptome sql injection |
| CVE-2023-0290 | 2023-01-18 | Rapid7 Velociraptor directory traversal in client ID parameter |
| CVE-2022-48191 | 2023-01-18 | A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal... |
| CVE-2022-3085 | 2023-01-18 | Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based buffer overflow which may allow an attacker to execute arbitrary code. |
| CVE-2021-37774 | 2023-01-19 | An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. |
| CVE-2022-31901 | 2023-01-19 | Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. |
| CVE-2022-3806 | 2023-01-19 | Bluetooth HCI Error Handling Double Free |
| CVE-2022-46476 | 2023-01-19 | D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. |
| CVE-2022-46887 | 2023-01-19 | Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw... |
| CVE-2022-46888 | 2023-01-19 | Multiple reflected cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php; q parameter in /user-ban-log.php;... |
| CVE-2022-46889 | 2023-01-19 | A persistent cross-site scripting (XSS) vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php. |
| CVE-2022-46890 | 2023-01-19 | Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the... |
| CVE-2022-47105 | 2023-01-19 | Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. |
| CVE-2022-47740 | 2023-01-19 | Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. |
| CVE-2022-47745 | 2023-01-19 | ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function... |
| CVE-2022-47766 | 2023-01-19 | PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. |
| CVE-2023-0126 | 2023-01-19 | Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. |
| CVE-2023-0396 | 2023-01-19 | Buffer Overreads in Bluetooth HCI |
| CVE-2023-0397 | 2023-01-19 | DoS: Invalid Initialization in le_read_buffer_size_complete |
| CVE-2023-0398 | 2023-01-19 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-0406 | 2023-01-19 | Cross-Site Request Forgery (CSRF) in modoboa/modoboa |
| CVE-2023-20010 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote... |
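Several entries above describe the same class of bug from different angles; the CRLF injection entry (CVE-2023-0040, "insufficient validation of HTTP header values") is the easiest to illustrate in isolation. The following is an added example written for this page, not code from Async HTTP Client or from any vendor listed above: a naive header serializer that mirrors the described failure mode, a receiving-side parser that shows the smuggled header a server would see, and a validator that rejects CR, LF and NUL in values (and non-token characters in names) before serialization. The sample tainted value and header names are constructed for the demonstration.

```python
import re

# Bytes that must never appear inside an HTTP/1.1 header value: CR, LF and
# NUL. A CR/LF pair inside a value ends the header line early, so whatever
# follows is parsed by the receiver as a separate header (or as the body).
_FORBIDDEN_VALUE = re.compile(r"[\r\n\x00]")
# RFC 7230 "token" characters allowed in a header name.
_VALID_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def serialize_request_unchecked(method: str, path: str,
                                headers: list[tuple[str, str]]) -> bytes:
    """Naive serializer: joins name/value pairs with no validation.

    This models the failure mode the CVE text describes (insufficient
    validation of header values); it is not the affected library's code.
    """
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def validate_header(name: str, value: str) -> None:
    """Reject header names/values that could break line framing."""
    if not _VALID_NAME.match(name):
        raise ValueError(f"invalid header name: {name!r}")
    if _FORBIDDEN_VALUE.search(value):
        raise ValueError(f"CR/LF/NUL in value of header {name!r}")


def serialize_request_checked(method: str, path: str,
                              headers: list[tuple[str, str]]) -> bytes:
    """Hardened serializer: validate every header before joining."""
    for name, value in headers:
        validate_header(name, value)
    return serialize_request_unchecked(method, path, headers)


def parse_header_block(raw: bytes) -> list[tuple[str, str]]:
    """Split the header block the way a receiving server would, so the
    effect of an unchecked value becomes visible as extra headers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # drop request line
    parsed = []
    for line in lines:
        name, _, value = line.partition(":")
        parsed.append((name.strip(), value.strip()))
    return parsed


# Constructed sample input: an attacker-controlled string (e.g. copied from
# user input into User-Agent) that carries an embedded CRLF and a forged
# X-Forwarded-For header.
TAINTED = "Mozilla/5.0\r\nX-Forwarded-For: 127.0.0.1"
HEADERS = [("Host", "example.test"), ("User-Agent", TAINTED)]


def demo_unchecked() -> list[tuple[str, str]]:
    """What the server sees when the client does not validate values."""
    return parse_header_block(serialize_request_unchecked("GET", "/", HEADERS))


def demo_checked() -> str:
    """The hardened path refuses to serialize the tainted header."""
    try:
        serialize_request_checked("GET", "/", HEADERS)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for name, value in demo_unchecked():
        print(f"unchecked -> {name}: {value}")
    print(demo_checked())
```

The unchecked path yields three headers on the wire where the caller supplied two; the checked path raises before anything is sent. Validating at the serialization boundary (rather than trusting every caller to sanitize) is the fix pattern the CVE text implies for this bug class.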