CVE List - 2023 / January
Showing 2201 - 2300 of 2351 CVEs for January 2023 (Page 23 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-22732 | 2023-01-30 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a... |
| CVE-2022-23334 | 2023-01-30 | The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. |
| CVE-2022-2988 | 2023-01-30 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0),... |
| CVE-2022-32512 | 2023-01-30 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized.... |
| CVE-2022-32513 | 2023-01-30 | A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation... |
| CVE-2022-32514 | 2023-01-30 | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller -... |
| CVE-2022-32515 | 2023-01-30 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate... |
| CVE-2022-32516 | 2023-01-30 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected... |
| CVE-2022-32517 | 2023-01-30 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended... |
| CVE-2022-32518 | 2023-01-30 | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique... |
| CVE-2022-32519 | 2023-01-30 | A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected... |
| CVE-2022-32520 | 2023-01-30 | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique... |
| CVE-2022-32521 | 2023-01-30 | A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.... |
| CVE-2022-32522 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32523 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32524 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32525 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32526 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32527 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32528 | 2023-01-30 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service... |
| CVE-2022-32529 | 2023-01-30 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted... |
| CVE-2022-32747 | 2023-01-30 | A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the... |
| CVE-2022-32748 | 2023-01-30 | A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak... |
| CVE-2022-45788 | 2023-01-30 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project... |
| CVE-2022-45897 | 2023-01-30 | On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. |
| CVE-2022-46087 | 2023-01-30 | CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. |
| CVE-2022-48006 | 2023-01-30 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at... |
| CVE-2022-48175 | 2023-01-30 | Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. |
| CVE-2022-48176 | 2023-01-30 | Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. |
| CVE-2022-48303 | 2023-01-30 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been... |
| CVE-2023-22322 | 2023-01-30 | Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker,... |
| CVE-2023-22324 | 2023-01-30 | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the... |
| CVE-2023-22332 | 2023-01-30 | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0... |
| CVE-2023-22333 | 2023-01-30 | Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-24612 | 2023-01-30 | The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. |
| CVE-2023-24622 | 2023-01-30 | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. |
| CVE-2023-24623 | 2023-01-30 | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. |
| CVE-2022-27596 | 2023-01-30 | Vulnerability in QTS |
| CVE-2022-25967 | 2023-01-30 | Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:**... |
| CVE-2022-25936 | 2023-01-30 | Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. |
| CVE-2022-38451 | 2023-01-30 | A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP... |
| CVE-2022-42484 | 2023-01-30 | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an... |
| CVE-2023-0266 | 2023-01-30 | Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel |
| CVE-2023-0240 | 2023-01-30 | Use after free in io_uring in the Linux Kernel |
| CVE-2023-0581 | 2023-01-30 | The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to... |
| CVE-2022-26872 | 2023-01-30 | Password reset interception via API |
| CVE-2023-24830 | 2023-01-30 | Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization |
| CVE-2022-3990 | 2023-01-30 | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. |
| CVE-2022-4776 | 2023-01-30 | CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4306 | 2023-01-30 | Panda Pods Repeater Field < 1.5.4 - Reflected XSS |
| CVE-2022-4828 | 2023-01-30 | Bold Timeline Lite < 1.1.5 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4794 | 2023-01-30 | AAWP < 3.12.3 - Unsafe URL Handling |
| CVE-2023-0071 | 2023-01-30 | WP Tabs < 2.1.17 - Contributor+ Stored XSS |
| CVE-2022-4872 | 2023-01-30 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' |
| CVE-2022-4472 | 2023-01-30 | Simple Sitemap < 3.5.8 - Contributor+ Stored XSS |
| CVE-2022-4649 | 2023-01-30 | WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4496 | 2023-01-30 | miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login |
| CVE-2022-4654 | 2023-01-30 | Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4793 | 2023-01-30 | Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4834 | 2023-01-30 | CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4835 | 2023-01-30 | Social Sharing Toolkit <= 2.6 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4792 | 2023-01-30 | News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4395 | 2023-01-30 | Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload |
| CVE-2022-4680 | 2023-01-30 | Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection |
| CVE-2022-4553 | 2023-01-30 | FL3R FeelBox <= 8.1 - Moods Reset via CSRF |
| CVE-2022-4787 | 2023-01-30 | Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0074 | 2023-01-30 | WP Social Widget < 2.2.4 - Contributor+ Stored XSS |
| CVE-2022-4699 | 2023-01-30 | MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0097 | 2023-01-30 | Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS |
| CVE-2022-4837 | 2023-01-30 | CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4749 | 2023-01-30 | Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4765 | 2023-01-30 | Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4552 | 2023-01-30 | FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS |
| CVE-2022-4781 | 2023-01-30 | Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-0033 | 2023-01-30 | PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4651 | 2023-01-30 | Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4831 | 2023-01-30 | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4470 | 2023-01-30 | Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS |
| CVE-2022-4763 | 2023-01-30 | Icon Widget < 1.3.0 - Contributor+ Stored XSS via Shortcode |
| CVE-2022-4671 | 2023-01-30 | PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode |
| CVE-2022-4667 | 2023-01-30 | RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS |
| CVE-2022-27538 | 2023-01-30 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.... |
| CVE-2021-3808 | 2023-01-30 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these... |
| CVE-2021-3809 | 2023-01-30 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these... |
| CVE-2022-40134 | 2023-01-30 | An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. |
| CVE-2022-40135 | 2023-01-30 | An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. |
| CVE-2022-40136 | 2023-01-30 | An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read... |
| CVE-2022-27537 | 2023-01-30 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP... |
| CVE-2022-40137 | 2023-01-30 | A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. |
| CVE-2022-34884 | 2023-01-30 | A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. |
| CVE-2022-23453 | 2023-01-30 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2022-23454 | 2023-01-30 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2022-23455 | 2023-01-30 | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. |
| CVE-2021-3439 | 2023-01-30 | HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. |
| CVE-2022-34888 | 2023-01-30 | The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls,... |
| CVE-2022-34885 | 2023-01-30 | An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. |
| CVE-2023-24020 | 2023-01-30 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. |
| CVE-2023-22315 | 2023-01-30 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed... |
| CVE-2023-22389 | 2023-01-30 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user... |
| CVE-2023-23582 | 2023-01-30 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. |