CVE List - 2023 / January
Showing 101 - 200 of 2351 CVEs for January 2023 (Page 2 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-32824 | 2023-01-03 | Regular expression Denial of Service in MooTools |
| CVE-2022-32623 | 2023-01-03 | In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32635 | 2023-01-03 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2022-32636 | 2023-01-03 | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32637 | 2023-01-03 | In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-32638 | 2023-01-03 | In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32639 | 2023-01-03 | In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-32640 | 2023-01-03 | In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-32641 | 2023-01-03 | In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2022-32644 | 2023-01-03 | In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32645 | 2023-01-03 | In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed... |
| CVE-2022-32646 | 2023-01-03 | In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32647 | 2023-01-03 | In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2022-32648 | 2023-01-03 | In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32649 | 2023-01-03 | In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32650 | 2023-01-03 | In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32651 | 2023-01-03 | In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32652 | 2023-01-03 | In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32653 | 2023-01-03 | In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32657 | 2023-01-03 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32658 | 2023-01-03 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32659 | 2023-01-03 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32664 | 2023-01-03 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2022-32665 | 2023-01-03 | In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2022-3614 | 2023-01-03 | In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect... |
| CVE-2022-36943 | 2023-01-03 | SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening... |
| CVE-2022-38627 | 2023-01-03 | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter. |
| CVE-2022-38723 | 2023-01-03 | Gravitee API Management before 3.15.13 allows path traversal through HTML injection. |
| CVE-2022-38766 | 2023-01-03 | The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. |
| CVE-2022-39039 | 2023-01-03 | aEnrich a+HRD - Server-Side Request Forgery (SSRF) |
| CVE-2022-39040 | 2023-01-03 | aEnrich a+HRD - Path Traversal |
| CVE-2022-39041 | 2023-01-03 | aEnrich a+HRD - SQL Injection |
| CVE-2022-39042 | 2023-01-03 | aEnrich a+HRD - Improper Authentication |
| CVE-2022-40740 | 2023-01-03 | Realtek GPON router - Command Injection |
| CVE-2022-41645 | 2023-01-03 | Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafted project... |
| CVE-2022-42710 | 2023-01-03 | Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS). |
| CVE-2022-43436 | 2023-01-03 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload |
| CVE-2022-43437 | 2023-01-03 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - SQL Injection |
| CVE-2022-43438 | 2023-01-03 | HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization |
| CVE-2022-43448 | 2023-01-03 | Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to... |
| CVE-2022-45867 | 2023-01-03 | MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. |
| CVE-2022-46304 | 2023-01-03 | ChangingTec ServiSign - Command Injection |
| CVE-2022-46305 | 2023-01-03 | ChangingTec ServiSign - Path Traversal |
| CVE-2022-46306 | 2023-01-03 | ChangingTec ServiSign - Path Traversal |
| CVE-2022-46309 | 2023-01-03 | Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading |
| CVE-2022-46360 | 2023-01-03 | Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to... |
| CVE-2022-47317 | 2023-01-03 | Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafted project... |
| CVE-2022-47618 | 2023-01-03 | Merit Lilin Ent. Co., Ltd. AH55B04 & AH55B08 DVR - Hard-coded Credentials |
| CVE-2022-47908 | 2023-01-03 | Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafted... |
| CVE-2022-43931 | 2023-01-03 | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2012-10002 | 2023-01-03 | ahmyi RivetTracker css.php changeColor cross site scripting |
| CVE-2015-10012 | 2023-01-03 | sumocoders FrameworkUserBundle login.html.twig information exposure |
| CVE-2013-10007 | 2023-01-03 | ethitter WP-Print-Friendly wp-print-friendly.php information disclosure |
| CVE-2022-4871 | 2023-01-03 | ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection |
| CVE-2012-10003 | 2023-01-03 | ahmyi RivetTracker cross site scripting |
| CVE-2022-4663 | 2023-01-03 | The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to... |
| CVE-2023-0038 | 2023-01-03 | The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient... |
| CVE-2022-35845 | 2023-01-03 | Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow... |
| CVE-2022-41336 | 2023-01-03 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a... |
| CVE-2022-42471 | 2023-01-03 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20... |
| CVE-2022-39947 | 2023-01-03 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0... |
| CVE-2022-45143 | 2023-01-03 | Apache Tomcat: JsonErrorReportValve escaping |
| CVE-2023-22456 | 2023-01-03 | ViewVC XSS vulnerability in revision view changed paths |
| CVE-2022-37933 | 2023-01-03 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made... |
| CVE-2022-37934 | 2023-01-03 | A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820... |
| CVE-2022-43519 | 2023-01-03 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.... |
| CVE-2022-43520 | 2023-01-03 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.... |
| CVE-2022-43521 | 2023-01-03 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.... |
| CVE-2022-43522 | 2023-01-03 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.... |
| CVE-2022-43523 | 2023-01-03 | Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance.... |
| CVE-2022-43524 | 2023-01-03 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user... |
| CVE-2022-43525 | 2023-01-03 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the... |
| CVE-2022-43526 | 2023-01-03 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the... |
| CVE-2022-43527 | 2023-01-03 | Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the... |
| CVE-2022-43528 | 2023-01-03 | Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and... |
| CVE-2022-43529 | 2023-01-03 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist a session after a password reset or similar session clearing event.... |
| CVE-2022-44534 | 2023-01-03 | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker... |
| CVE-2022-44535 | 2023-01-03 | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote low-privileged authenticated users to escalate their privileges to those of an administrative user. A successful exploit could... |
| CVE-2022-43530 | 2023-01-03 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-43531 | 2023-01-03 | Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could... |
| CVE-2022-43532 | 2023-01-03 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of... |
| CVE-2022-43533 | 2023-01-03 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute... |
| CVE-2022-43534 | 2023-01-03 | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute... |
| CVE-2022-43535 | 2023-01-03 | A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute... |
| CVE-2022-43536 | 2023-01-03 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary... |
| CVE-2022-23506 | 2023-01-03 | Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds |
| CVE-2022-43537 | 2023-01-03 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary... |
| CVE-2022-43538 | 2023-01-03 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary... |
| CVE-2022-43539 | 2023-01-03 | A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow... |
| CVE-2022-43540 | 2023-01-03 | A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an... |
| CVE-2022-2967 | 2023-01-03 | Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user... |
| CVE-2022-42435 | 2023-01-03 | IBM Business Automation Workflow cross-site request forgery |
| CVE-2022-48217 | 2023-01-04 | The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior.... |
| CVE-2022-38678 | 2023-01-04 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. |
| CVE-2022-38682 | 2023-01-04 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. |
| CVE-2022-38683 | 2023-01-04 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. |
| CVE-2022-38684 | 2023-01-04 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. |
| CVE-2022-39081 | 2023-01-04 | In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. |
| CVE-2022-39082 | 2023-01-04 | In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. |
| CVE-2022-39083 | 2023-01-04 | In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. |