CVE List - 2023 / January
Showing 301 - 400 of 2351 CVEs for January 2023 (Page 4 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47660 | 2023-01-05 | GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c |
| CVE-2022-47661 | 2023-01-05 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes |
| CVE-2022-47662 | 2023-01-05 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 |
| CVE-2022-47663 | 2023-01-05 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609 |
| CVE-2023-0057 | 2023-01-05 | Improper Restriction of Rendered UI Layers or Frames in pyload/pyload |
| CVE-2023-22622 | 2023-01-05 | WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive... |
| CVE-2023-22626 | 2023-01-05 | PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the... |
| CVE-2022-45857 | 2023-01-05 | An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created... |
| CVE-2019-25095 | 2023-01-05 | kakwa LdapCherry URL cross site scripting |
| CVE-2019-25096 | 2023-01-05 | soerennb eXtplorer cross site scripting |
| CVE-2019-25097 | 2023-01-05 | soerennb eXtplorer Directory Content path traversal |
| CVE-2019-25098 | 2023-01-05 | soerennb eXtplorer Archive archive.php path traversal |
| CVE-2022-4869 | 2023-01-05 | Evolution Events Artaxerxes POST Parameter middleware.py information disclosure |
| CVE-2018-25064 | 2023-01-05 | OSM Lab show-me-the-way site.js cross site scripting |
| CVE-2016-15009 | 2023-01-05 | OpenACS bug-tracker Search nav-bar.adp cross-site request forgery |
| CVE-2016-15010 | 2023-01-05 | University of Cambridge django-ucamlookup Lookup cross site scripting |
| CVE-2021-4303 | 2023-01-05 | shannah Xataface Installer install_form.js.php testftp cross site scripting |
| CVE-2022-43932 | 2023-01-05 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to... |
| CVE-2023-0077 | 2023-01-05 | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. |
| CVE-2020-36640 | 2023-01-05 | bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference |
| CVE-2022-4877 | 2023-01-05 | snoyberg keter Proxy.hs cross site scripting |
| CVE-2018-25065 | 2023-01-05 | Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting |
| CVE-2015-10013 | 2023-01-05 | WebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting |
| CVE-2021-4304 | 2023-01-05 | eprintsug ulcc-core toolbox command injection |
| CVE-2021-4305 | 2023-01-05 | Woorank robots-txt-guard patterns.js makePathPattern redos |
| CVE-2007-10001 | 2023-01-05 | web-cyradm search.php sql injection |
| CVE-2020-36641 | 2023-01-05 | gturri aXMLRPC ResponseParser.java ResponseParser xml external entity reference |
| CVE-2017-20162 | 2023-01-05 | vercel ms index.js parse redos |
| CVE-2014-125040 | 2023-01-05 | stevejagodzinski DevNewsAggregator RemoteHtmlContentDataAccess.php getByName sql injection |
| CVE-2015-10014 | 2023-01-05 | arekk uke finder.rb sql injection |
| CVE-2014-125041 | 2023-01-05 | Miccighel PR-CWT sql injection |
| CVE-2015-10015 | 2023-01-05 | glidernet ogn-live sql injection |
| CVE-2023-0086 | 2023-01-05 | The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save()... |
| CVE-2022-46168 | 2023-01-05 | Group SMTP user emails are exposed in CC email header |
| CVE-2022-43844 | 2023-01-05 | IBM Robotic Process Automation for Cloud Pak session fixation |
| CVE-2022-41740 | 2023-01-05 | IBM Robotic Process Automation information disclosure |
| CVE-2022-4432 | 2023-01-05 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. |
| CVE-2022-4433 | 2023-01-05 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. |
| CVE-2022-4434 | 2023-01-05 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure. |
| CVE-2022-4435 | 2023-01-05 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure. |
| CVE-2022-43573 | 2023-01-05 | IBM Robotic Process Automation information disclosure |
| CVE-2022-23546 | 2023-01-05 | Discourse vulnerable to private topic leak via email#send_digest |
| CVE-2023-0087 | 2023-01-05 | The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spm_plugin_options_page_tree_max_width’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and... |
| CVE-2023-0088 | 2023-01-05 | The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on... |
| CVE-2014-125044 | 2023-01-05 | soshtolsus wing-tight index.php file inclusion |
| CVE-2017-20163 | 2023-01-05 | Red Snapper NView Session.php mutate sql injection |
| CVE-2022-46177 | 2023-01-05 | Discourse password reset link can lead to account takeover if user changes to a new email |
| CVE-2023-22453 | 2023-01-05 | Discourse vulnerable to exposure of user post counts per topic to unauthorized users |
| CVE-2023-22454 | 2023-01-05 | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions |
| CVE-2023-22455 | 2023-01-05 | Discourse vulnerable to Cross-site Scripting through tag descriptions |
| CVE-2014-125045 | 2023-01-05 | meol1 index.php GetAnimal sql injection |
| CVE-2021-40341 | 2023-01-05 | Weak DES encryption |
| CVE-2021-40342 | 2023-01-05 | Use of default key for encryption |
| CVE-2022-3927 | 2023-01-05 | The affected products store public and private keys that are used to sign and protect custom parameter set files from modification. |
| CVE-2022-3928 | 2023-01-05 | Hardcoded credential is found in the message queue |
| CVE-2022-3929 | 2023-01-05 | Communication between the client and server partially using CORBA over TCP/IP |
| CVE-2021-46867 | 2023-01-06 | The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. |
| CVE-2021-46868 | 2023-01-06 | The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. |
| CVE-2022-39072 | 2023-01-06 | There is a SQL injection vulnerability in some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the... |
| CVE-2022-39073 | 2023-01-06 | There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. |
| CVE-2022-40049 | 2023-01-06 | SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page. |
| CVE-2022-42979 | 2023-01-06 | Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link. |
| CVE-2022-44149 | 2023-01-06 | The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the... |
| CVE-2022-44870 | 2023-01-06 | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD... |
| CVE-2022-44939 | 2023-01-06 | Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted... |
| CVE-2022-45911 | 2023-01-06 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before... |
| CVE-2022-45913 | 2023-01-06 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of the attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure. |
| CVE-2022-46761 | 2023-01-06 | The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons. |
| CVE-2022-46762 | 2023-01-06 | The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-47974 | 2023-01-06 | The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart. |
| CVE-2022-47975 | 2023-01-06 | The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-47976 | 2023-01-06 | The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections. |
| CVE-2023-22671 | 2023-01-06 | Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. |
| CVE-2022-22079 | 2023-01-06 | Buffer Over-read in BOOT |
| CVE-2022-22088 | 2023-01-06 | Integer Overflow to Buffer Overflow in Bluetooth HOST |
| CVE-2022-25715 | 2023-01-06 | Incorrect type casting in Display driver |
| CVE-2022-25716 | 2023-01-06 | Time-of-check Time-of-use Race Condition in Multimedia Framework |
| CVE-2022-25717 | 2023-01-06 | Use-After-Free Issue in Display |
| CVE-2022-25923 | 2023-01-06 | Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. |
| CVE-2022-25721 | 2023-01-06 | Incorrect Type Conversion in Video driver |
| CVE-2022-25722 | 2023-01-06 | Information Exposure in DSP Services |
| CVE-2022-25725 | 2023-01-06 | Use-after-Free in MODEM |
| CVE-2022-25746 | 2023-01-06 | Buffer Copy Without Checking Size of Input in Kernel |
| CVE-2022-33218 | 2023-01-06 | Improper Input Validation in Automotive |
| CVE-2022-33219 | 2023-01-06 | Integer Overflow to Buffer Overflow in Automotive |
| CVE-2022-33252 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33253 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33255 | 2023-01-06 | Buffer over-read in Bluetooth HOST |
| CVE-2022-33265 | 2023-01-06 | Information exposure in Powerline Communication Firmware |
| CVE-2022-33266 | 2023-01-06 | Integer overflow to buffer overflow in Audio |
| CVE-2022-33274 | 2023-01-06 | Improper validation of array index in Android Core |
| CVE-2022-33276 | 2023-01-06 | Buffer copy without checking size of input in Modem |
| CVE-2022-33283 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33284 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33285 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33286 | 2023-01-06 | Buffer over-read in WLAN |
| CVE-2022-33290 | 2023-01-06 | Null pointer dereference in Bluetooth HOST |
| CVE-2022-33299 | 2023-01-06 | Null pointer dereference in Bluetooth HOST |
| CVE-2022-33300 | 2023-01-06 | Improper input validation in Automotive Android OS |
| CVE-2022-40516 | 2023-01-06 | Stack-based buffer overflow in Core |