CVE List - 2023 / February
Showing 1401 - 1500 of 2164 CVEs for February 2023 (Page 15 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-37329 | 2023-02-16 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34157 | 2023-02-16 | Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege... |
| CVE-2022-29514 | 2023-02-16 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-33964 | 2023-02-16 | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
| CVE-2022-33190 | 2023-02-16 | Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34854 | 2023-02-16 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-30692 | 2023-02-16 | Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2022-33946 | 2023-02-16 | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-31476 | 2023-02-16 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-32971 | 2023-02-16 | Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2022-33972 | 2023-02-16 | Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2022-34841 | 2023-02-16 | Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-27170 | 2023-02-16 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34346 | 2023-02-16 | Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36289 | 2023-02-16 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-35883 | 2023-02-16 | NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-34843 | 2023-02-16 | Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-32575 | 2023-02-16 | Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-34864 | 2023-02-16 | Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-29523 | 2023-02-16 | Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-35729 | 2023-02-16 | Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access. |
| CVE-2022-29494 | 2023-02-16 | Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2022-29493 | 2023-02-16 | Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via... |
| CVE-2022-33196 | 2023-02-16 | Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of... |
| CVE-2022-36287 | 2023-02-16 | Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. |
| CVE-2022-21163 | 2023-02-16 | Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-36416 | 2023-02-16 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36797 | 2023-02-16 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-36397 | 2023-02-16 | Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-37340 | 2023-02-16 | Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-36382 | 2023-02-16 | Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may... |
| CVE-2022-27808 | 2023-02-16 | Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2022-27234 | 2023-02-16 | Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. |
| CVE-2022-38056 | 2023-02-16 | Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2022-36369 | 2023-02-16 | Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-38090 | 2023-02-16 | Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2021-33104 | 2023-02-16 | Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2022-41314 | 2023-02-16 | Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2022-41614 | 2023-02-16 | Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2023-0821 | 2023-02-16 | Nomad Client Vulnerable to Decompression Bombs in Artifact Block |
| CVE-2022-20803 | 2023-02-17 | ClamAV Double-free Vulnerability in the OLE2 File Parser |
| CVE-2023-21574 | 2023-02-17 | Adobe Photoshop Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-21575 | 2023-02-17 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21576 | 2023-02-17 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21577 | 2023-02-17 | Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21578 | 2023-02-17 | Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21584 | 2023-02-17 | Adobe FrameMaker Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-21619 | 2023-02-17 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-21620 | 2023-02-17 | Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21621 | 2023-02-17 | Adobe FrameMaker Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-21622 | 2023-02-17 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22233 | 2023-02-17 | Adobe After Effects Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-22237 | 2023-02-17 | Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22238 | 2023-02-17 | Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22239 | 2023-02-17 | Adobe After Effects Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-23921 | 2023-02-17 | Moodle: reflected xss risk in some returnurl parameters |
| CVE-2023-23922 | 2023-02-17 | Moodle: reflected xss risk in blog search |
| CVE-2023-23923 | 2023-02-17 | Moodle: possible to set the preferred "start page" of other users |
| CVE-2020-19824 | 2023-02-17 | An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. |
| CVE-2020-29168 | 2023-02-17 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. |
| CVE-2021-26277 | 2023-02-17 | Security Advisory | PendingIntent hijacking vulnerability in Framework Services |
| CVE-2021-3172 | 2023-02-17 | An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. |
| CVE-2021-32142 | 2023-02-17 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. |
| CVE-2021-32163 | 2023-02-17 | Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. |
| CVE-2021-32419 | 2023-02-17 | An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c. |
| CVE-2021-32441 | 2023-02-17 | SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. |
| CVE-2021-32843 | 2023-02-17 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for... |
| CVE-2021-32844 | 2023-02-17 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check... |
| CVE-2021-32845 | 2023-02-17 | Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify |
| CVE-2021-32846 | 2023-02-17 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx |
| CVE-2021-33226 | 2023-02-17 | Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an... |
| CVE-2021-33391 | 2023-02-17 | An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. |
| CVE-2021-33926 | 2023-02-17 | An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8,... |
| CVE-2021-33948 | 2023-02-17 | SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. |
| CVE-2021-33949 | 2023-02-17 | An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. |
| CVE-2021-33950 | 2023-02-17 | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. |
| CVE-2021-33983 | 2023-02-17 | Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function. |
| CVE-2021-34164 | 2023-02-17 | Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. |
| CVE-2021-34182 | 2023-02-17 | An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. |
| CVE-2021-35261 | 2023-02-17 | File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. |
| CVE-2022-32972 | 2023-02-17 | Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. |
| CVE-2022-40021 | 2023-02-17 | QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. |
| CVE-2022-40032 | 2023-02-17 | SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. |
| CVE-2022-40347 | 2023-02-17 | SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. |
| CVE-2022-45701 | 2023-02-17 | Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. |
| CVE-2022-48115 | 2023-02-17 | The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). |
| CVE-2023-0482 | 2023-02-17 | In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. |
| CVE-2023-0877 | 2023-02-17 | Code Injection in froxlor/froxlor |
| CVE-2023-0878 | 2023-02-17 | Cross-site Scripting (XSS) - Generic in nuxt/framework |
| CVE-2023-0879 | 2023-02-17 | Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver |
| CVE-2023-0880 | 2023-02-17 | Misinterpretation of Input in thorsten/phpmyfaq |
| CVE-2023-21583 | 2023-02-17 | Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-21593 | 2023-02-17 | Adobe InDesign SVG file NULL Pointer Dereference Application denial-of-service |
| CVE-2023-22226 | 2023-02-17 | Adobe Bridge SVG file Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2023-22227 | 2023-02-17 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22228 | 2023-02-17 | Adobe Bridge Improper Input Validation Remote Code Execution Vulnerability |
| CVE-2023-22229 | 2023-02-17 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22230 | 2023-02-17 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-22231 | 2023-02-17 | Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-22232 | 2023-02-17 | Adobe Connect Improper Access Control Security feature bypass |