CVE List - 2023 / January
Showing 1501 - 1600 of 2351 CVEs for January 2023 (Page 16 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-20057 | 2023-01-19 | A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on... |
| CVE-2023-20026 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on... |
| CVE-2023-20025 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device.... |
| CVE-2023-20037 | 2023-01-19 | A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted... |
| CVE-2023-20038 | 2023-01-19 | A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and... |
| CVE-2023-20020 | 2023-01-19 | A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial... |
| CVE-2023-20018 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This... |
| CVE-2023-20047 | 2023-01-19 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial... |
| CVE-2023-20043 | 2023-01-19 | A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit... |
| CVE-2023-20044 | 2023-01-19 | A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit... |
| CVE-2023-20040 | 2023-01-19 | A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that... |
| CVE-2023-20019 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to... |
| CVE-2023-20058 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of... |
| CVE-2023-20045 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying... |
| CVE-2023-20007 | 2023-01-19 | A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary... |
| CVE-2023-20002 | 2023-01-19 | A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability... |
| CVE-2023-20008 | 2023-01-19 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.... |
| CVE-2015-10069 | 2023-01-19 | viakondratiuk cash-machine machine.py update_failed_attempts sql injection |
| CVE-2017-20174 | 2023-01-19 | bastianallgeier Kirby Webmentions Plugin injection |
| CVE-2022-4892 | 2023-01-19 | MyCMS Visitors Module view.php build_view cross site scripting |
| CVE-2013-10014 | 2023-01-19 | oktora24 2moons sql injection |
| CVE-2015-10070 | 2023-01-19 | copperwall Twiddit index.php sql injection |
| CVE-2014-125083 | 2023-01-19 | Anant Labs google-enterprise-connector-dctm sql injection |
| CVE-2015-10071 | 2023-01-19 | gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery |
| CVE-2023-23690 | 2023-01-19 | Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit... |
| CVE-2022-3738 | 2023-01-19 | WAGO: Missing authentication for config export functionality in multiple products |
| CVE-2023-0402 | 2023-01-19 | The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes... |
| CVE-2023-0403 | 2023-01-19 | The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several... |
| CVE-2023-0404 | 2023-01-19 | The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and... |
| CVE-2022-40697 | 2023-01-19 | WordPress 3com – Asesor de Cookies para normativa española Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-39167 | 2023-01-19 | IBM Spectrum Virtualize information disclosure |
| CVE-2022-47194 | 2023-01-19 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow... |
| CVE-2022-47195 | 2023-01-19 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow... |
| CVE-2022-47196 | 2023-01-19 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow... |
| CVE-2022-47197 | 2023-01-19 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow... |
| CVE-2021-27782 | 2023-01-19 | HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack |
| CVE-2023-22741 | 2023-01-19 | heap-over-flow in stun_parse_attribute in sofia-sip |
| CVE-2023-22745 | 2023-01-19 | Buffer Overflow in TSS2_RC_Decode in tpm2-tss |
| CVE-2020-21152 | 2023-01-20 | SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction. |
| CVE-2020-22653 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22654 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22655 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22656 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22657 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22658 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22659 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22660 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22661 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-22662 | 2023-01-20 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795,... |
| CVE-2020-23256 | 2023-01-20 | An issue discovered in Electerm 1.3.22 allows attackers to execute arbitrary code via an unverified request to Electerm's service. |
| CVE-2020-25502 | 2023-01-20 | Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code... |
| CVE-2020-29297 | 2023-01-20 | Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. |
| CVE-2021-26642 | 2023-01-20 | XpressEngine file upload vulnerability |
| CVE-2021-26644 | 2023-01-20 | SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability... |
| CVE-2021-29368 | 2023-01-20 | Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. |
| CVE-2021-33641 | 2023-01-20 | When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). |
| CVE-2021-33642 | 2023-01-20 | When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. |
| CVE-2021-37498 | 2023-01-20 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the... |
| CVE-2021-37499 | 2023-01-20 | CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. |
| CVE-2021-37500 | 2023-01-20 | Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the... |
| CVE-2022-25631 | 2023-01-20 | Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise... |
| CVE-2022-38110 | 2023-01-20 | Reflected Cross-Site Scripting Vulnerability |
| CVE-2022-38112 | 2023-01-20 | Sensitive Information Disclosure Vulnerability |
| CVE-2022-3918 | 2023-01-20 | A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (`\r\n`) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into... |
| CVE-2022-39193 | 2023-01-20 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information... |
| CVE-2022-41441 | 2023-01-20 | Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. |
| CVE-2022-43704 | 2023-01-20 | The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol... |
| CVE-2022-43959 | 2023-01-20 | Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php. |
| CVE-2022-45537 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article publish component via the cookie "ENV_LIST_URL". |
| CVE-2022-45538 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article publish component via the cookie "ENV_GOBACK_URL". |
| CVE-2022-45539 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET value "activepath" when creating a new file. |
| CVE-2022-45540 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article type editor component via the POST value "name" if the value contains a malformed UTF-8 char. |
| CVE-2022-45541 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article attribute editor component via the POST value "value" if the value contains a non-integer char. |
| CVE-2022-45542 | 2023-01-20 | EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET parameter "filename" when editing any file. |
| CVE-2022-45557 | 2023-01-20 | Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names. |
| CVE-2022-45558 | 2023-01-20 | Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag. |
| CVE-2022-45748 | 2023-01-20 | An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp. |
| CVE-2022-47012 | 2023-01-20 | Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21. |
| CVE-2022-47015 | 2023-01-20 | MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. |
| CVE-2022-47021 | 2023-01-20 | A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified... |
| CVE-2022-47024 | 2023-01-20 | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. |
| CVE-2022-47732 | 2023-01-20 | In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash and allowing them, once it is cracked, to log in inside the... |
| CVE-2022-47747 | 2023-01-20 | kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. |
| CVE-2022-48120 | 2023-01-20 | SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php. |
| CVE-2022-48121 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. |
| CVE-2022-48122 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. |
| CVE-2022-48123 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. |
| CVE-2022-48124 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. |
| CVE-2022-48125 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. |
| CVE-2022-48126 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. |
| CVE-2022-48152 | 2023-01-20 | SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php. |
| CVE-2022-48279 | 2023-01-20 | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be... |
| CVE-2023-0101 | 2023-01-20 | A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or... |
| CVE-2023-0410 | 2023-01-20 | Cross-site Scripting (XSS) - Generic in builderio/qwik |
| CVE-2023-22331 | 2023-01-20 | Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. |
| CVE-2023-22334 | 2023-01-20 | Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a... |
| CVE-2023-22339 | 2023-01-20 | Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key... |
| CVE-2023-22373 | 2023-01-20 | Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information. |
| CVE-2023-22910 | 2023-01-20 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript... |
| CVE-2023-22912 | 2023-01-20 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing... |