CVE List - 2023 / February
Showing 1 - 100 of 2164 CVEs for February 2023 (Page 1 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47872 | 2023-02-01 | A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface... |
| CVE-2023-23126 | 2023-02-01 | Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy... |
| CVE-2023-23127 | 2023-02-01 | In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration... |
| CVE-2023-23130 | 2023-02-01 | Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by... |
| CVE-2021-22786 | 2023-02-01 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products:... |
| CVE-2022-2329 | 2023-02-01 | A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially... |
| CVE-2022-24324 | 2023-02-01 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially... |
| CVE-2022-30904 | 2023-02-01 | In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. |
| CVE-2022-31363 | 2023-02-01 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress... |
| CVE-2022-31364 | 2023-02-01 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress... |
| CVE-2022-31902 | 2023-02-01 | Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). |
| CVE-2022-37033 | 2023-02-01 | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or... |
| CVE-2022-37034 | 2023-02-01 | In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in... |
| CVE-2022-4062 | 2023-02-01 | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected... |
| CVE-2022-4206 | 2023-02-01 | A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report |
| CVE-2022-4254 | 2023-02-01 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters |
| CVE-2022-42970 | 2023-02-01 | A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected... |
| CVE-2022-42971 | 2023-02-01 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS... |
| CVE-2022-42972 | 2023-02-01 | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online... |
| CVE-2022-42973 | 2023-02-01 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows... |
| CVE-2022-45782 | 2023-02-01 | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. |
| CVE-2022-45783 | 2023-02-01 | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. |
| CVE-2022-46934 | 2023-02-01 | kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. |
| CVE-2022-47003 | 2023-02-01 | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. |
| CVE-2022-47714 | 2023-02-01 | Last Yard 22.09.8-1 does not enforce HSTS headers |
| CVE-2022-47715 | 2023-02-01 | In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. |
| CVE-2022-47717 | 2023-02-01 | Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). |
| CVE-2022-47768 | 2023-02-01 | Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. |
| CVE-2022-47769 | 2023-02-01 | An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the... |
| CVE-2022-47770 | 2023-02-01 | Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. |
| CVE-2022-48093 | 2023-02-01 | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. |
| CVE-2022-48094 | 2023-02-01 | lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. |
| CVE-2023-0454 | 2023-02-01 | OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an... |
| CVE-2023-0524 | 2023-02-01 | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse... |
| CVE-2023-0587 | 2023-02-01 | A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated... |
| CVE-2023-0606 | 2023-02-01 | Cross-site Scripting (XSS) - Reflected in ampache/ampache |
| CVE-2023-0607 | 2023-02-01 | Cross-site Scripting (XSS) - Stored in projectsend/projectsend |
| CVE-2023-0608 | 2023-02-01 | Cross-site Scripting (XSS) - DOM in microweber/microweber |
| CVE-2023-0609 | 2023-02-01 | Improper Authorization in wallabag/wallabag |
| CVE-2023-0610 | 2023-02-01 | Improper Authorization in wallabag/wallabag |
| CVE-2023-20856 | 2023-02-01 | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. |
| CVE-2023-23073 | 2023-02-01 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. |
| CVE-2023-23074 | 2023-02-01 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. |
| CVE-2023-23075 | 2023-02-01 | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. |
| CVE-2023-23076 | 2023-02-01 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. |
| CVE-2023-23077 | 2023-02-01 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. |
| CVE-2023-23078 | 2023-02-01 | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. |
| CVE-2023-23128 | 2023-02-01 | Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no... |
| CVE-2023-23131 | 2023-02-01 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. |
| CVE-2023-23132 | 2023-02-01 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. |
| CVE-2023-23135 | 2023-02-01 | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. |
| CVE-2023-23136 | 2023-02-01 | lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. |
| CVE-2023-23846 | 2023-02-01 | Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload... |
| CVE-2023-23969 | 2023-02-01 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a... |
| CVE-2023-24610 | 2023-02-01 | NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected... |
| CVE-2023-25012 | 2023-02-01 | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. |
| CVE-2023-23630 | 2023-02-01 | Cross-site (XSS) vulnerability with Express API in Eta |
| CVE-2023-23928 | 2023-02-01 | reason-jose ignores signature checks |
| CVE-2022-34443 | 2023-02-01 | Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an... |
| CVE-2022-34400 | 2023-02-01 | Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. |
| CVE-2022-34459 | 2023-02-01 | Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could... |
| CVE-2022-34458 | 2023-02-01 | Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component.... |
| CVE-2022-45101 | 2023-02-01 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and... |
| CVE-2022-45095 | 2023-02-01 | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this... |
| CVE-2022-45097 | 2023-02-01 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. |
| CVE-2022-45096 | 2023-02-01 | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. |
| CVE-2022-25916 | 2023-02-01 | Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. |
| CVE-2022-25906 | 2023-02-01 | All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. |
| CVE-2022-45098 | 2023-02-01 | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2022-45099 | 2023-02-01 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise |
| CVE-2022-45100 | 2023-02-01 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. |
| CVE-2022-45102 | 2023-02-01 | Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values... |
| CVE-2022-32482 | 2023-02-01 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. |
| CVE-2022-34403 | 2023-02-01 | Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a... |
| CVE-2022-34396 | 2023-02-01 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of... |
| CVE-2022-34398 | 2023-02-01 | Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code... |
| CVE-2022-46679 | 2023-02-01 | Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2022-46756 | 2023-02-01 | Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the... |
| CVE-2023-24977 | 2023-02-01 | Apache InLong: Jdbc Connection causes arbitrary file reading in InLong |
| CVE-2023-23692 | 2023-02-01 | Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS... |
| CVE-2023-22572 | 2023-02-01 | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to... |
| CVE-2023-22574 | 2023-02-01 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs... |
| CVE-2023-22573 | 2023-02-01 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information... |
| CVE-2023-22575 | 2023-02-01 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information... |
| CVE-2023-0611 | 2023-02-01 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection |
| CVE-2023-0612 | 2023-02-01 | TRENDnet TEW-811DRU httpd basic.asp buffer overflow |
| CVE-2023-0613 | 2023-02-01 | TRENDnet TEW-811DRU httpd security.asp memory corruption |
| CVE-2023-24997 | 2023-02-01 | Apache InLong: Jdbc Connection Security Bypass |
| CVE-2023-0400 | 2023-02-01 | The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped... |
| CVE-2023-0617 | 2023-02-01 | TRENDNet TEW-811DRU httpd guestnetwork.asp buffer overflow |
| CVE-2023-0618 | 2023-02-01 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption |
| CVE-2022-43922 | 2023-02-01 | IBM App Connect Enterprise Certified Container information disclosure |
| CVE-2022-47983 | 2023-02-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-22281 | 2023-02-01 | BIG-IP AFM vulnerability |
| CVE-2023-22283 | 2023-02-01 | BIG-IP Edge Client for Windows vulnerability |
| CVE-2023-22302 | 2023-02-01 | BIG-IP HTTP profile vulnerability |
| CVE-2023-22323 | 2023-02-01 | BIG-IP SSL OCSP Authentication profile vulnerability |
| CVE-2023-22326 | 2023-02-01 | iControl REST and tmsh vulnerability |
| CVE-2023-22340 | 2023-02-01 | BIG-IP SIP profile vulnerability |
| CVE-2023-22341 | 2023-02-01 | BIG-IP APM OAuth vulnerability |