CVE List - 2023 / January
Showing 1701 - 1800 of 2351 CVEs for January 2023 (Page 18 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-4474 | 2023-01-23 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS |
| CVE-2022-3811 | 2023-01-23 | EU Cookie Law <= 3.1.6 - Admin+ Stored XSS |
| CVE-2022-4383 | 2023-01-23 | CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi |
| CVE-2022-4751 | 2023-01-23 | Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4706 | 2023-01-23 | Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4545 | 2023-01-23 | Sitemap < 4.4 - Contributor+ Stored XSS |
| CVE-2022-4230 | 2023-01-23 | WP Statistics < 13.2.9 - Authenticated SQLi |
| CVE-2022-3425 | 2023-01-23 | Google Analyticator < 6.5.6 - Admin+ PHP Object Injection |
| CVE-2022-4509 | 2023-01-23 | Content Control < 1.1.10 - Contributor+ Stored XSS |
| CVE-2022-4548 | 2023-01-23 | Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF |
| CVE-2022-4323 | 2023-01-23 | Google Analyticator < 6.5.6 - Admin+ PHP Object Injection |
| CVE-2022-4753 | 2023-01-23 | Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4303 | 2023-01-23 | WP Limit Login Attempts <= 2.6.4 - IP Spoofing |
| CVE-2022-4790 | 2023-01-23 | WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4627 | 2023-01-23 | ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode |
| CVE-2022-4467 | 2023-01-23 | Search & Filter < 1.2.16 - Contributor+ Stored XSS |
| CVE-2022-4758 | 2023-01-23 | 10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4693 | 2023-01-23 | User Verification < 1.0.94 - Authentication Bypass |
| CVE-2022-4017 | 2023-01-23 | Booster for WooCommerce - Multiple CSRF |
| CVE-2022-4650 | 2023-01-23 | HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4715 | 2023-01-23 | Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode |
| CVE-2022-4305 | 2023-01-23 | Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin |
| CVE-2022-4485 | 2023-01-23 | Page-list < 5.3 - Contributor+ Stored XSS |
| CVE-2022-4542 | 2023-01-23 | Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS |
| CVE-2021-24837 | 2023-01-23 | Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-4718 | 2023-01-23 | Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode |
| CVE-2022-4775 | 2023-01-23 | GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-0316 | 2023-01-23 | Multiple themes - Unauthenticated Arbitrary File Upload |
| CVE-2022-1890 | 2023-01-23 | A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
| CVE-2022-1891 | 2023-01-23 | A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
| CVE-2022-1892 | 2023-01-23 | A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
| CVE-2022-3430 | 2023-01-23 | A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM... |
| CVE-2023-0446 | 2023-01-23 | The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and... |
| CVE-2022-3432 | 2023-01-23 | A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot... |
| CVE-2023-0447 | 2023-01-23 | The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This... |
| CVE-2022-4816 | 2023-01-23 | A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. |
| CVE-2023-22721 | 2023-01-23 | WordPress Oi Yandex.Maps for WordPress Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23687 | 2023-01-23 | WordPress Youtube shortcode Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23824 | 2023-01-23 | WordPress WP TopBar Plugin <= 5.36 is vulnerable to SQL Injection |
| CVE-2023-22483 | 2023-01-23 | cmark-gfm Quadratic complexity bugs may lead to a denial of service |
| CVE-2023-22484 | 2023-01-23 | Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service |
| CVE-2022-4554 | 2023-01-24 | Reflected XSS B2B Dealer Ordering System |
| CVE-2023-0471 | 2023-01-24 | Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0472 | 2023-01-24 | Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0473 | 2023-01-24 | Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-0474 | 2023-01-24 | Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2023-24451 | 2023-01-24 | A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2021-28510 | 2023-01-24 | For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. |
| CVE-2022-20213 | 2023-01-24 | In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2022-20214 | 2023-01-24 | In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without... |
| CVE-2022-20215 | 2023-01-24 | In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User... |
| CVE-2022-20235 | 2023-01-24 | The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18... |
| CVE-2022-20456 | 2023-01-24 | In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2022-20458 | 2023-01-24 | The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the... |
| CVE-2022-20461 | 2023-01-24 | In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution... |
| CVE-2022-20489 | 2023-01-24 | In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20490 | 2023-01-24 | In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20492 | 2023-01-24 | In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20493 | 2023-01-24 | In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-20494 | 2023-01-24 | In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2022-26329 | 2023-01-24 | File existence disclosure vulnerability in IDM plugin |
| CVE-2022-27507 | 2023-01-24 | Authenticated denial of service |
| CVE-2022-27508 | 2023-01-24 | Unauthenticated denial of service |
| CVE-2022-3478 | 2023-01-24 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It... |
| CVE-2022-3482 | 2023-01-24 | An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to... |
| CVE-2022-3572 | 2023-01-24 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible... |
| CVE-2022-3740 | 2023-01-24 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may... |
| CVE-2022-3820 | 2023-01-24 | An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package... |
| CVE-2022-38774 | 2023-01-24 | An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the... |
| CVE-2022-38775 | 2023-01-24 | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. |
| CVE-2022-3902 | 2023-01-24 | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It... |
| CVE-2022-40036 | 2023-01-24 | An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. |
| CVE-2022-40037 | 2023-01-24 | An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. |
| CVE-2022-4054 | 2023-01-24 | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It... |
| CVE-2022-4092 | 2023-01-24 | An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of... |
| CVE-2022-45639 | 2023-01-24 | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because... |
| CVE-2022-47040 | 2023-01-24 | An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets... |
| CVE-2022-47042 | 2023-01-24 | MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. |
| CVE-2022-47100 | 2023-01-24 | A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame. |
| CVE-2022-48199 | 2023-01-24 | SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function... |
| CVE-2023-0394 | 2023-01-24 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. |
| CVE-2023-0411 | 2023-01-24 | Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture file |
| CVE-2023-0412 | 2023-01-24 | TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0413 | 2023-01-24 | Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0414 | 2023-01-24 | Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0415 | 2023-01-24 | iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0416 | 2023-01-24 | GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0417 | 2023-01-24 | Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file |
| CVE-2023-0444 | 2023-01-24 | A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another... |
| CVE-2023-0448 | 2023-01-24 | The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2023-20904 | 2023-01-24 | In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no... |
| CVE-2023-20905 | 2023-01-24 | In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20908 | 2023-01-24 | In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2023-20912 | 2023-01-24 | In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege... |
| CVE-2023-20913 | 2023-01-24 | In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead... |
| CVE-2023-20915 | 2023-01-24 | In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local... |
| CVE-2023-20916 | 2023-01-24 | In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local... |
| CVE-2023-20919 | 2023-01-24 | In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2023-20920 | 2023-01-24 | In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20921 | 2023-01-24 | In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with... |