CVE List - 2023 / February
Showing 1201 - 1300 of 2164 CVEs for February 2023 (Page 13 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-40016 | 2023-02-15 | Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. |
| CVE-2022-42455 | 2023-02-15 | ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to... |
| CVE-2022-45153 | 2023-02-15 | saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls |
| CVE-2022-45154 | 2023-02-15 | supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh |
| CVE-2022-45436 | 2023-02-15 | Stored cross-site scripting vulnerability in network maps editor feature |
| CVE-2022-45437 | 2023-02-15 | Stored cross-site scripting vulnerability in the reporting dashboard module |
| CVE-2022-45543 | 2023-02-15 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. |
| CVE-2022-45546 | 2023-02-15 | Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. |
| CVE-2022-45586 | 2023-02-15 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. |
| CVE-2022-45587 | 2023-02-15 | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. |
| CVE-2022-46892 | 2023-02-15 | In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex. |
| CVE-2022-47372 | 2023-02-15 | Stored cross-site scripting vulnerability in create event section |
| CVE-2022-47373 | 2023-02-15 | Reflected Cross Site Scripting in Search Functionality of Module Library |
| CVE-2022-47503 | 2023-02-15 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2022-47504 | 2023-02-15 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2022-47506 | 2023-02-15 | SolarWinds Platform Directory Traversal Vulnerability |
| CVE-2022-47507 | 2023-02-15 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2022-47508 | 2023-02-15 | Disable NTLM: SAM 2022.4 |
| CVE-2023-0361 | 2023-02-15 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a... |
| CVE-2023-20927 | 2023-02-15 | In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20949 | 2023-02-15 | In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-22368 | 2023-02-15 | Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2023-22377 | 2023-02-15 | Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If... |
| CVE-2023-22855 | 2023-02-15 | Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without... |
| CVE-2023-23458 | 2023-02-15 | Sunell DVR – Exposure of Sensitive Information |
| CVE-2023-23459 | 2023-02-15 | Priority Windows – Command Execution via SQL Injection |
| CVE-2023-23460 | 2023-02-15 | Priority Web – Authentication bypass |
| CVE-2023-23461 | 2023-02-15 | Libpeconv – access violation |
| CVE-2023-23462 | 2023-02-15 | Libpeconv – integer overflow |
| CVE-2023-23463 | 2023-02-15 | Sunell DVR – Insufficiently Protected Credentials |
| CVE-2023-23464 | 2023-02-15 | Media CP Media Control Panel – Information Disclosure |
| CVE-2023-23465 | 2023-02-15 | Media CP Media Control Panel – CSRF |
| CVE-2023-23466 | 2023-02-15 | Media CP Media Control Panel – insufficiently protected credential change |
| CVE-2023-23467 | 2023-02-15 | Media CP Media Control Panel – Reflected XSS |
| CVE-2023-23836 | 2023-02-15 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability |
| CVE-2023-23847 | 2023-02-15 | A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another... |
| CVE-2023-23848 | 2023-02-15 | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another... |
| CVE-2023-23850 | 2023-02-15 | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-24498 | 2023-02-15 | Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials. |
| CVE-2023-24499 | 2023-02-15 | Butterfly Button plugin may leave traces of its use on user's device |
| CVE-2023-24580 | 2023-02-15 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts)... |
| CVE-2023-25011 | 2023-02-15 | PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows an attacker with standard user privileges to write to the registry with administrator privileges. |
| CVE-2023-25156 | 2023-02-15 | Kiwi TCMS has no protection against brute-force attacks on login page |
| CVE-2023-25171 | 2023-02-15 | Kiwi TCMS has denial of service vulnerability on Password reset page |
| CVE-2023-25191 | 2023-02-15 | AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. |
| CVE-2023-25192 | 2023-02-15 | AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. |
| CVE-2023-25761 | 2023-02-15 | Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control... |
| CVE-2023-25762 | 2023-02-15 | Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS)... |
| CVE-2023-25763 | 2023-02-15 | Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to... |
| CVE-2023-25764 | 2023-02-15 | Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting... |
| CVE-2023-25765 | 2023-02-15 | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to... |
| CVE-2023-25766 | 2023-02-15 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-25767 | 2023-02-15 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. |
| CVE-2023-25768 | 2023-02-15 | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. |
| CVE-2022-25978 | 2023-02-15 | All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript:... |
| CVE-2022-42735 | 2023-02-15 | Apache ShenYu Admin ultra vires |
| CVE-2023-0840 | 2023-02-15 | PHPCrazy cross site scripting |
| CVE-2023-0841 | 2023-02-15 | GPAC reframe_mp3.c mp3_dmx_process heap-based overflow |
| CVE-2023-25578 | 2023-02-15 | Starlite DoS vulnerability when parsing multipart request body |
| CVE-2023-0102 | 2023-02-15 | CVE-2023-0102 |
| CVE-2023-0103 | 2023-02-15 | CVE-2023-0103 |
| CVE-2023-22803 | 2023-02-15 | CVE-2023-22803 |
| CVE-2023-22804 | 2023-02-15 | CVE-2023-22804 |
| CVE-2023-22805 | 2023-02-15 | CVE-2023-22805 |
| CVE-2023-22806 | 2023-02-15 | CVE-2023-22806 |
| CVE-2023-22807 | 2023-02-15 | CVE-2023-22807 |
| CVE-2023-0848 | 2023-02-15 | Netgear WNDR3700v2 Web Management Interface denial of service |
| CVE-2023-0849 | 2023-02-15 | Netgear WNDR3700v2 Web Interface command injection |
| CVE-2023-0850 | 2023-02-15 | Netgear WNDR3700v2 Web Interface denial of service |
| CVE-2019-17003 | 2023-02-16 | Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed. |
| CVE-2020-12413 | 2023-02-16 | The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. |
| CVE-2020-6817 | 2023-02-16 | bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to... |
| CVE-2021-0187 | 2023-02-16 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. |
| CVE-2021-23980 | 2023-02-16 | A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe,... |
| CVE-2021-40555 | 2023-02-16 | Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. |
| CVE-2021-43529 | 2023-02-16 | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when... |
| CVE-2022-0637 | 2023-02-16 | open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 |
| CVE-2022-27890 | 2023-02-16 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could... |
| CVE-2022-27891 | 2023-02-16 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session. |
| CVE-2022-27892 | 2023-02-16 | Palantir Gotham included an endpoint that would log arbitrary sized payloads. |
| CVE-2022-27897 | 2023-02-16 | Palantir Gotham included an endpoint that would log arbitrary sized zip files. |
| CVE-2022-38731 | 2023-02-16 | Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which... |
| CVE-2022-40080 | 2023-02-16 | Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE... |
| CVE-2022-43969 | 2023-02-16 | Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. |
| CVE-2022-44299 | 2023-02-16 | SiteServerCMS 7.1.3 sscms has a file read vulnerability. |
| CVE-2022-47703 | 2023-02-16 | TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. |
| CVE-2022-48306 | 2023-02-16 | Gotham Chat IRC help does not validate hostnames in TLS certificates |
| CVE-2022-48307 | 2023-02-16 | It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could... |
| CVE-2022-48308 | 2023-02-16 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could... |
| CVE-2022-48324 | 2023-02-16 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6)... |
| CVE-2022-48325 | 2023-02-16 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6)... |
| CVE-2022-48326 | 2023-02-16 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6)... |
| CVE-2022-48327 | 2023-02-16 | Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) dataInicial, (2) dataFinal, (3) tipocliente, (4) format, (5) precoInicial, (6)... |
| CVE-2023-0860 | 2023-02-16 | Improper Restriction of Excessive Authentication Attempts in modoboa/modoboa-installer |
| CVE-2023-0866 | 2023-02-16 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-22380 | 2023-02-16 | Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site |
| CVE-2023-23558 | 2023-02-16 | In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can... |
| CVE-2023-23926 | 2023-02-16 | APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0... |
| CVE-2023-24236 | 2023-02-16 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. |
| CVE-2023-24238 | 2023-02-16 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. |
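Three entries in this page (CVE-2022-27890 and CVE-2022-48308 for sls-logging, CVE-2022-48307 for Magritte-ftp) describe the same misuse of the javax.net.ssl.SSLSocketFactory API: the socket factory validates the certificate chain but, unlike HttpsURLConnection, does not check the certificate's name against the host being connected to unless the caller turns that on. The following Java snippet is an added illustration of the weak pattern beside the corrected one; it is not code from Palantir or from either affected project, and the host name and port it connects to are hypothetical.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;

/**
 * Added example: hostname verification when using SSLSocketFactory directly.
 * Not taken from any of the projects listed above; host/port are hypothetical.
 */
public class TlsHostnameCheck {

    // WEAK: createSocket() checks that the chain is signed by a trusted CA, but
    // NOT that the certificate is for `host`. Any valid certificate issued by a
    // trusted CA for any other name is accepted, so an attacker in a privileged
    // network position can terminate the TLS session with their own certificate.
    static SSLSocket connectWithoutHostnameCheck(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.startHandshake();
        return socket;
    }

    // FIXED: enable endpoint identification before the handshake. With the
    // algorithm set to "HTTPS", the JSSE trust manager matches the peer
    // certificate's SAN/CN against the host passed to createSocket() and
    // startHandshake() fails with an SSLHandshakeException on a mismatch.
    static SSLSocket connectWithHostnameCheck(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();
        return socket;
    }

    // Review/test helper: reports whether a socket will verify the peer's name.
    // A null or empty algorithm means no hostname verification is performed.
    static boolean hostnameVerificationEnabled(SSLSocket socket) {
        String alg = socket.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical target; replace with a host you are allowed to test against.
        String host = args.length > 0 ? args[0] : "example.com";
        try (SSLSocket s = connectWithHostnameCheck(host, 443)) {
            System.out.println("endpoint identification enabled: " + hostnameVerificationEnabled(s));
        }
    }
}
```

When auditing code that calls SSLSocketFactory.createSocket() or SSLContext.getSocketFactory(), look for either setEndpointIdentificationAlgorithm("HTTPS") on the socket's SSLParameters or an explicit HostnameVerifier check after the handshake; if neither is present, the connection is vulnerable to the attack these entries describe regardless of how strict the trust store is.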