CVE List - 2023 / January
Showing 2101 - 2200 of 2351 CVEs for January 2023 (Page 22 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-39812 | 2023-01-27 | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST... |
| CVE-2022-39813 | 2023-01-27 | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject... |
| CVE-2022-4139 | 2023-01-27 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local... |
| CVE-2022-4201 | 2023-01-27 | A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses... |
| CVE-2022-4205 | 2023-01-27 | In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. |
| CVE-2022-4255 | 2023-01-27 | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email... |
| CVE-2022-4285 | 2023-01-27 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is... |
| CVE-2022-4335 | 2023-01-27 | A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect... |
| CVE-2022-43978 | 2023-01-27 | Limited Authentication bypass due to hardcoded secret |
| CVE-2022-43979 | 2023-01-27 | Path Traversal leading to Local File Inclusion |
| CVE-2022-43980 | 2023-01-27 | Cross-site scripting vulnerability in the network maps edit functionality |
| CVE-2022-44024 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. |
| CVE-2022-44025 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. |
| CVE-2022-44026 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. |
| CVE-2022-44027 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. |
| CVE-2022-44028 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. |
| CVE-2022-44029 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. |
| CVE-2022-44298 | 2023-01-27 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. |
| CVE-2022-44715 | 2023-01-27 | Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. |
| CVE-2022-44717 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject... |
| CVE-2022-44718 | 2023-01-27 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject... |
| CVE-2022-46968 | 2023-01-27 | A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. |
| CVE-2022-47632 | 2023-01-27 | Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do... |
| CVE-2022-48007 | 2023-01-27 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. |
| CVE-2022-48008 | 2023-01-27 | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-48011 | 2023-01-27 | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. |
| CVE-2022-48012 | 2023-01-27 | Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. |
| CVE-2022-48013 | 2023-01-27 | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2022-48066 | 2023-01-27 | An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. |
| CVE-2022-48067 | 2023-01-27 | An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. |
| CVE-2022-48069 | 2023-01-27 | Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. |
| CVE-2022-48070 | 2023-01-27 | Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. |
| CVE-2022-48071 | 2023-01-27 | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. |
| CVE-2022-48072 | 2023-01-27 | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. |
| CVE-2022-48073 | 2023-01-27 | Phicomm K2G v22.6.3.20 was discovered to store the root and admin passwords in plaintext. |
| CVE-2022-48107 | 2023-01-27 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-48108 | 2023-01-27 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. |
| CVE-2022-48116 | 2023-01-27 | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. |
| CVE-2022-48118 | 2023-01-27 | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. |
| CVE-2023-22240 | 2023-01-27 | ZDI-CAN-19517: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22241 | 2023-01-27 | ZDI-CAN-19516: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22242 | 2023-01-27 | ZDI-CAN-19515: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-23616 | 2023-01-27 | Discourse membership requests lack character limit |
| CVE-2023-23620 | 2023-01-27 | Discourse restricted tag routes leak topic information |
| CVE-2023-24060 | 2023-01-27 | Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary... |
| CVE-2023-22740 | 2023-01-27 | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts |
| CVE-2023-0527 | 2023-01-27 | PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting |
| CVE-2023-0528 | 2023-01-27 | SourceCodester Online Tours & Travels Management System abc.php sql injection |
| CVE-2023-0529 | 2023-01-27 | SourceCodester Online Tours & Travels Management System add_payment.php sql injection |
| CVE-2023-0530 | 2023-01-27 | SourceCodester Online Tours & Travels Management System approve_user.php sql injection |
| CVE-2023-0531 | 2023-01-27 | SourceCodester Online Tours & Travels Management System booking_report.php sql injection |
| CVE-2023-0532 | 2023-01-27 | SourceCodester Online Tours & Travels Management System disapprove_user.php sql injection |
| CVE-2023-0533 | 2023-01-27 | SourceCodester Online Tours & Travels Management System expense_report.php sql injection |
| CVE-2023-0534 | 2023-01-27 | SourceCodester Online Tours & Travels Management System expense_report.php sql injection |
| CVE-2021-21395 | 2023-01-27 | Magneto-lts vulnerable to Cross-Site Request Forgery |
| CVE-2021-39217 | 2023-01-27 | OpenMage LTS arbitrary command execution in custom layout update through blocks |
| CVE-2021-41143 | 2023-01-27 | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution |
| CVE-2021-41144 | 2023-01-27 | OpenMage LTS authenticated remote code execution through layout update |
| CVE-2021-41231 | 2023-01-27 | OpenMage LTS DataFlow upload remote code execution vulnerability |
| CVE-2023-0549 | 2023-01-27 | YAFNET Private Message PostPrivateMessage cross site scripting |
| CVE-2023-0550 | 2023-01-27 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu... |
| CVE-2023-0553 | 2023-01-27 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and... |
| CVE-2023-0554 | 2023-01-27 | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on... |
| CVE-2023-0555 | 2023-01-27 | The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This... |
| CVE-2022-39380 | 2023-01-27 | wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering |
| CVE-2023-0556 | 2023-01-27 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible... |
| CVE-2023-0557 | 2023-01-27 | The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the... |
| CVE-2023-0558 | 2023-01-27 | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This... |
| CVE-2022-39324 | 2023-01-27 | Grafana vulnerable to spoofing originalUrl of snapshots |
| CVE-2022-23552 | 2023-01-27 | Grafana stored XSS in FileUploader component |
| CVE-2023-22737 | 2023-01-27 | wire-server vulnerable to unauthorized removal of Bots from Conversations |
| CVE-2022-46359 | 2023-01-27 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. |
| CVE-2022-46358 | 2023-01-27 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. |
| CVE-2022-46357 | 2023-01-27 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. |
| CVE-2022-46356 | 2023-01-27 | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. |
| CVE-2023-23617 | 2023-01-27 | OpenMage LTS has DoS vulnerability in MaliciousCode filter |
| CVE-2023-23621 | 2023-01-27 | Discourse vulnerable to ReDoS in user agent parsing |
| CVE-2023-23624 | 2023-01-27 | Discourse's exclude_tags param could leak which topics had a specific hidden tag |
| CVE-2023-23627 | 2023-01-27 | Sanitize vulnerable to Cross-site Scripting via Improper neutralization of `noscript` element |
| CVE-2023-23628 | 2023-01-28 | Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2023-23629 | 2023-01-28 | Metabase subject to Improper Privilege Management |
| CVE-2023-0560 | 2023-01-28 | SourceCodester Online Tours & Travels Management System practice_pdf.php sql injection |
| CVE-2023-0561 | 2023-01-28 | SourceCodester Online Tours & Travels Management System s.php sql injection |
| CVE-2023-0562 | 2023-01-28 | PHPGurukul Bank Locker Management System Login index.php sql injection |
| CVE-2023-0563 | 2023-01-28 | PHPGurukul Bank Locker Management System Assign Locker add-locker-form.php cross site scripting |
| CVE-2021-4315 | 2023-01-28 | NYUCCL psiTurk experiment.py special elements used in a template engine |
| CVE-2022-48285 | 2023-01-29 | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. |
| CVE-2021-46873 | 2023-01-29 | WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value,... |
| CVE-2023-0564 | 2023-01-29 | Weak Password Requirements in froxlor/froxlor |
| CVE-2023-0565 | 2023-01-29 | Business Logic Errors in froxlor/froxlor |
| CVE-2023-0566 | 2023-01-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor |
| CVE-2023-0569 | 2023-01-29 | Weak Password Requirements in publify/publify |
| CVE-2023-0572 | 2023-01-29 | Unchecked Error Condition in froxlor/froxlor |
| CVE-2023-24065 | 2023-01-29 | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed... |
| CVE-2023-0570 | 2023-01-29 | SourceCodester Online Tours & Travels Management System payment_operation.php sql injection |
| CVE-2023-0571 | 2023-01-29 | SourceCodester Canteen Management System Add Customer createcustomer.php cross site scripting |
| CVE-2009-10003 | 2023-01-29 | capnsquarepants wordcraft tag.php cross site scripting |
| CVE-2016-15022 | 2023-01-29 | mosbth cimage check_system.php cross site scripting |
| CVE-2022-0223 | 2023-01-30 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to... |
| CVE-2022-22731 | 2023-01-30 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that... |