CVE List - 2023 / February

Showing 1501 - 1600 of 2164 CVEs for February 2023 (Page 16 of 22)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-22234 | 2023-02-17 | Adobe Premiere Rush PSD file Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2023-22236 | 2023-02-17 | Adobe Animate Heap-based Buffer Overflow Arbitrary code execution |
| CVE-2023-22243 | 2023-02-17 | Adobe Animate SVG file Stack-based Buffer Overflow Arbitrary code execution |
| CVE-2023-22244 | 2023-02-17 | Adobe Premiere Rush PSD files Use After Free Arbitrary code execution |
| CVE-2023-22246 | 2023-02-17 | Adobe Animate FLA files Use After Free Arbitrary code execution |
| CVE-2023-23007 | 2023-02-17 | An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. |
| CVE-2023-23064 | 2023-02-17 | TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. |
| CVE-2023-23279 | 2023-02-17 | Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. |
| CVE-2023-24078 | 2023-02-17 | Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. |
| CVE-2023-24219 | 2023-02-17 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. |
| CVE-2023-24220 | 2023-02-17 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. |
| CVE-2023-24221 | 2023-02-17 | LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. |
| CVE-2023-24329 | 2023-02-17 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
| CVE-2023-24369 | 2023-02-17 | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New... |
| CVE-2023-24769 | 2023-02-17 | Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a... |
| CVE-2023-24785 | 2023-02-17 | An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. |
| CVE-2023-23695 | 2023-02-17 | Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain... |
| CVE-2023-0882 | 2023-02-17 | Authorization Bypass Through User-Controlled Key on Single Connect |
| CVE-2023-0883 | 2023-02-17 | SourceCodester Online Pizza Ordering System index.php sql injection |
| CVE-2023-0887 | 2023-02-17 | phjounin TFTPD64-SE tftpd64_svc.exe unquoted search path |
| CVE-2023-23586 | 2023-02-17 | Use after free in io_uring in the Linux Kernel |
| CVE-2023-23899 | 2023-02-17 | WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24388 | 2023-02-17 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47986 | 2023-02-17 | IBM Aspera Faspex code execution |
| CVE-2023-22868 | 2023-02-17 | IBM Aspera Faspex cross-site scripting |
| CVE-2022-36775 | 2023-02-17 | IBM Security Verify Access HOST header injection |
| CVE-2023-24964 | 2023-02-17 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-0822 | 2023-02-17 | Improper Authorization |
| CVE-2022-43927 | 2023-02-17 | IBM Db2 for Linux, UNIX and Windows information disclosure |
| CVE-2022-43929 | 2023-02-17 | IBM Db2 for Linux, UNIX and Windows denial of service |
| CVE-2023-0895 | 2023-02-17 | The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including,... |
| CVE-2022-43930 | 2023-02-17 | IBM Db2 for Linux, UNIX and Windows information disclosure |
| CVE-2023-26020 | 2023-02-17 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio |
| CVE-2022-41734 | 2023-02-17 | IBM Maximo Asset Management information disclosure |
| CVE-2022-40232 | 2023-02-17 | IBM Sterling B2B Integrator Standard Edition improper access control |
| CVE-2022-43579 | 2023-02-17 | IBM Sterling B2B Integrator Standard Edition cross-site scripting |
| CVE-2022-40231 | 2023-02-17 | IBM Sterling B2B Integrator Standard Edition improper access control |
| CVE-2023-24960 | 2023-02-17 | IBM InfoSphere Information Server information disclosure |
| CVE-2022-34351 | 2023-02-17 | IBM QRadar SIEM information disclosure |
| CVE-2023-24809 | 2023-02-17 | NetHack Call command buffer overflow |
| CVE-2022-40348 | 2023-02-18 | Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. |
| CVE-2023-0901 | 2023-02-18 | Exposure of Sensitive Information to an Unauthorized Actor in pixelfed/pixelfed |
| CVE-2022-37935 | 2023-02-18 | HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password. |
| CVE-2023-0902 | 2023-02-18 | SourceCodester Simple Food Ordering System process_order.php cross site scripting |
| CVE-2023-0903 | 2023-02-18 | SourceCodester Employee Task Management System edit-task.php sql injection |
| CVE-2023-0904 | 2023-02-18 | SourceCodester Employee Task Management System task-details.php sql injection |
| CVE-2023-0905 | 2023-02-18 | SourceCodester Employee Task Management System changePasswordForEmployee.php improper authentication |
| CVE-2023-0906 | 2023-02-18 | SourceCodester Online Pizza Ordering System POST Parameter ajax.php delete_category missing authentication |
| CVE-2023-0907 | 2023-02-18 | Filseclab Twister Antivirus IoControlCode ffsmon.sys 0x220017 denial of service |
| CVE-2023-0908 | 2023-02-18 | Xoslab Easy File Locker xlkfs.sys MessageNotifyCallback denial of service |
| CVE-2023-0909 | 2023-02-18 | cxasm notepad-- Directory Comparison denial of service |
| CVE-2023-0910 | 2023-02-18 | SourceCodester Online Pizza Ordering System GET Parameter view_prod.php sql injection |
| CVE-2023-0912 | 2023-02-18 | SourceCodester Auto Dealer Management System sql injection |
| CVE-2023-0913 | 2023-02-18 | SourceCodester Auto Dealer Management System sql injection |
| CVE-2023-0914 | 2023-02-19 | Improper Authorization in pixelfed/pixelfed |
| CVE-2023-0919 | 2023-02-19 | Missing Authentication for Critical Function in kareadita/kavita |
| CVE-2023-0915 | 2023-02-19 | SourceCodester Auto Dealer Management System sql injection |
| CVE-2023-0916 | 2023-02-19 | SourceCodester Auto Dealer Management System Users.php access control |
| CVE-2023-0917 | 2023-02-19 | SourceCodester Simple Customer Relationship Management System login.php sql injection |
| CVE-2023-0918 | 2023-02-19 | codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload |
| CVE-2012-10007 | 2023-02-19 | madgicweb BuddyStream Plugin ShareBox.php cross site scripting |
| CVE-2014-125087 | 2023-02-19 | java-xmlbuilder xml external entity reference |
| CVE-2016-15024 | 2023-02-19 | doomsider shadow denial of service |
| CVE-2022-48328 | 2023-02-20 | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. |
| CVE-2023-25656 | 2023-02-20 | notation-go has excessive memory allocation on verification |
| CVE-2021-32847 | 2023-02-20 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx |
| CVE-2021-32848 | 2023-02-20 | Octobox ReDoS vulnerability |
| CVE-2021-32850 | 2023-02-20 | jQuery MiniColors vulnerable to Cross-site Scripting |
| CVE-2021-32851 | 2023-02-20 | jQuery MiniColors vulnerable to Cross-site Scripting |
| CVE-2021-32852 | 2023-02-20 | countly-server vulnerable to Cross-site Scripting |
| CVE-2021-32853 | 2023-02-20 | Erxes vulnerable to Cross-site Scripting |
| CVE-2021-32854 | 2023-02-20 | textAngular text editor vulnerable to Cross-site Scripting |
| CVE-2021-32855 | 2023-02-20 | vditor vulnerable to Cross-site Scripting |
| CVE-2021-32856 | 2023-02-20 | Microweber vulnerable to Cross-site Scripting |
| CVE-2021-32857 | 2023-02-20 | Cockpit vulnerable to Cross-site Scripting |
| CVE-2021-32858 | 2023-02-20 | esdoc-publish-html-plugin vulnerable to Cross-site Scripting |
| CVE-2021-32859 | 2023-02-20 | Baremetrics date range picker vulnerable to Cross-site Scripting |
| CVE-2021-32860 | 2023-02-20 | iziModal vulnerable to Cross-site Scripting |
| CVE-2022-44216 | 2023-02-20 | Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. |
| CVE-2022-48329 | 2023-02-20 | MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. |
| CVE-2022-48337 | 2023-02-20 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation... |
| CVE-2022-48338 | 2023-02-20 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to... |
| CVE-2022-48339 | 2023-02-20 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and... |
| CVE-2023-23452 | 2023-02-20 | Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands... |
| CVE-2023-23453 | 2023-02-20 | Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands... |
| CVE-2023-26081 | 2023-02-20 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |
| CVE-2023-26092 | 2023-02-20 | Liima before 1.17.28 allows server-side template injection. |
| CVE-2023-26093 | 2023-02-20 | Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. |
| CVE-2023-26234 | 2023-02-20 | JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. |
| CVE-2023-26235 | 2023-02-20 | JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. |
| CVE-2012-10008 | 2023-02-20 | uakfdotb oneapp sql injection |
| CVE-2013-10019 | 2023-02-20 | OCLC-Research OAICat sql injection |
| CVE-2014-125088 | 2023-02-20 | qt-users-jp silk header.qml cross site scripting |
| CVE-2015-10080 | 2023-02-20 | NREL api-umbrella-web Admin Data Table cross site scripting |
| CVE-2016-15025 | 2023-02-20 | generator-hottowel 404 Error _app.js cross site scripting |
| CVE-2016-15026 | 2023-02-20 | 3breadt dd-plist xml external entity reference |
| CVE-2023-25569 | 2023-02-20 | apollo-portal has potential CSRF issue |
| CVE-2023-25570 | 2023-02-20 | Apollo has potential access control security issue in eureka |
| CVE-2023-25613 | 2023-02-20 | LDAP Injection Vulnerability in Apache Kerby |
| CVE-2023-25805 | 2023-02-20 | versionn Command Injection Vulnerability |