CVE List - 2023 / February
Showing 1301 - 1400 of 2164 CVEs for February 2023 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-24483 | 2023-02-16 | Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA |
| CVE-2023-24484 | 2023-02-16 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. |
| CVE-2023-24485 | 2023-02-16 | Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows |
| CVE-2023-0567 | 2023-02-16 | password_verify() always returns true for some invalid hashes |
| CVE-2023-0662 | 2023-02-16 | DoS vulnerability when parsing multipart request body |
| CVE-2023-0568 | 2023-02-16 | Array overrun in common path resolve code |
| CVE-2023-0861 | 2023-02-16 | Authenticated Command Injection in NetModule NSRW |
| CVE-2023-0862 | 2023-02-16 | Path Traversal in NetModule NSRW |
| CVE-2023-25153 | 2023-02-16 | containerd OCI image importer memory exhaustion |
| CVE-2023-25173 | 2023-02-16 | containerd supplementary groups are not set up properly |
| CVE-2023-22580 | 2023-02-16 | Sequalize - Bad query filtering leading to SQL errors |
| CVE-2023-22578 | 2023-02-16 | Sequalize - Default support for “raw attributes” when using parentheses |
| CVE-2023-22579 | 2023-02-16 | Sequalize - Unsafe fall-through in getWhereConditions |
| CVE-2022-3843 | 2023-02-16 | WAGO: Exposure of configuration interface in unmanaged switches |
| CVE-2023-20032 | 2023-02-16 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and... |
| CVE-2023-20014 | 2023-02-16 | A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to... |
| CVE-2023-20009 | 2023-02-16 | A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker... |
| CVE-2023-20075 | 2023-02-16 | Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI.... |
| CVE-2023-20052 | 2023-02-16 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier,... |
| CVE-2022-20952 | 2023-02-16 | A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to... |
| CVE-2023-20053 | 2023-02-16 | A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based... |
| CVE-2023-20085 | 2023-02-16 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of... |
| CVE-2023-23752 | 2023-02-16 | [20230201] - Core - Improper access check in webservice endpoints |
| CVE-2023-24807 | 2023-02-16 | Undici vulnerable to Regular Expression Denial of Service in Headers |
| CVE-2023-23936 | 2023-02-16 | CRLF Injection in Nodejs ‘undici’ via host |
| CVE-2023-23947 | 2023-02-16 | Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets |
| CVE-2022-41335 | 2023-02-16 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10,... |
| CVE-2022-43954 | 2023-02-16 | An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in... |
| CVE-2022-30303 | 2023-02-16 | An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated... |
| CVE-2022-30300 | 2023-02-16 | A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data... |
| CVE-2021-43074 | 2023-02-16 | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8... |
| CVE-2022-30299 | 2023-02-16 | A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow... |
| CVE-2021-42761 | 2023-02-16 | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0... |
| CVE-2021-42756 | 2023-02-16 | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions... |
| CVE-2023-25602 | 2023-02-16 | A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier,... |
| CVE-2023-23780 | 2023-02-16 | A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically... |
| CVE-2023-23784 | 2023-02-16 | A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests. |
| CVE-2023-23783 | 2023-02-16 | A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. |
| CVE-2023-23782 | 2023-02-16 | A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker... |
| CVE-2023-23781 | 2023-02-16 | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary... |
| CVE-2022-33871 | 2023-02-16 | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands... |
| CVE-2022-30306 | 2023-02-16 | A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to... |
| CVE-2023-23779 | 2023-02-16 | Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may... |
| CVE-2023-23778 | 2023-02-16 | A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access... |
| CVE-2022-38375 | 2023-02-16 | An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted... |
| CVE-2022-38376 | 2023-02-16 | Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted... |
| CVE-2022-30304 | 2023-02-16 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored... |
| CVE-2022-39948 | 2023-02-16 | An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all... |
| CVE-2022-41334 | 2023-02-16 | An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a... |
| CVE-2022-38378 | 2023-02-16 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to... |
| CVE-2022-27489 | 2023-02-16 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code... |
| CVE-2022-27482 | 2023-02-16 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows... |
| CVE-2022-40678 | 2023-02-16 | An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow... |
| CVE-2022-39954 | 2023-02-16 | An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11,... |
| CVE-2022-40675 | 2023-02-16 | Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may... |
| CVE-2022-39952 | 2023-02-16 | A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through... |
| CVE-2022-40677 | 2023-02-16 | A improper neutralization of argument delimiters in a command ('argument injection') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through... |
| CVE-2022-42472 | 2023-02-16 | A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through... |
| CVE-2022-40683 | 2023-02-16 | A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands |
| CVE-2023-22638 | 2023-02-16 | Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and... |
| CVE-2022-26115 | 2023-02-16 | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing... |
| CVE-2022-29054 | 2023-02-16 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x... |
| CVE-2022-33869 | 2023-02-16 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized... |
| CVE-2023-25653 | 2023-02-16 | Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) |
| CVE-2023-0475 | 2023-02-16 | Go-Getter Vulnerable to Decompression Bombs |
| CVE-2022-25987 | 2023-02-16 | Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an... |
| CVE-2022-26843 | 2023-02-16 | Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to... |
| CVE-2022-25992 | 2023-02-16 | Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26512 | 2023-02-16 | Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-26345 | 2023-02-16 | Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26062 | 2023-02-16 | Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2022-25905 | 2023-02-16 | Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of... |
| CVE-2022-26425 | 2023-02-16 | Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of... |
| CVE-2022-26076 | 2023-02-16 | Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26032 | 2023-02-16 | Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2022-26421 | 2023-02-16 | Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26052 | 2023-02-16 | Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-26509 | 2023-02-16 | Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-26841 | 2023-02-16 | Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-21216 | 2023-02-16 | Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent... |
| CVE-2022-33892 | 2023-02-16 | Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-33902 | 2023-02-16 | Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26840 | 2023-02-16 | Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-32570 | 2023-02-16 | Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-26888 | 2023-02-16 | Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2022-26343 | 2023-02-16 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-30539 | 2023-02-16 | Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-32231 | 2023-02-16 | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-26837 | 2023-02-16 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-30704 | 2023-02-16 | Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2022-36348 | 2023-02-16 | Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36794 | 2023-02-16 | Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-30339 | 2023-02-16 | Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2022-30530 | 2023-02-16 | Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-32764 | 2023-02-16 | Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36278 | 2023-02-16 | Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34153 | 2023-02-16 | Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36398 | 2023-02-16 | Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-30531 | 2023-02-16 | Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-34849 | 2023-02-16 | Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. |