CVE List - 2023 / February
Showing 701 - 800 of 2164 CVEs for February 2023 (Page 8 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-21444 | 2023-02-09 | Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. |
| CVE-2023-21445 | 2023-02-09 | Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles... |
| CVE-2023-21446 | 2023-02-09 | Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. |
| CVE-2023-21447 | 2023-02-09 | Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allow local attackers to access information with Samsung Cloud's privilege via implicit intent. |
| CVE-2023-21448 | 2023-02-09 | Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. |
| CVE-2023-21450 | 2023-02-09 | Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. |
| CVE-2023-21451 | 2023-02-09 | A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. |
| CVE-2023-22792 | 2023-02-09 | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine... |
| CVE-2023-22797 | 2023-02-09 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully... |
| CVE-2023-22798 | 2023-02-09 | Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open... |
| CVE-2023-23592 | 2023-02-09 | WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. |
| CVE-2023-23912 | 2023-02-09 | A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a... |
| CVE-2023-24322 | 2023-02-09 | A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed... |
| CVE-2023-24323 | 2023-02-09 | Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. |
| CVE-2023-24684 | 2023-02-09 | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. |
| CVE-2023-24685 | 2023-02-09 | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. |
| CVE-2023-24686 | 2023-02-09 | An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. |
| CVE-2023-24687 | 2023-02-09 | Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2023-24688 | 2023-02-09 | An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. |
| CVE-2023-24689 | 2023-02-09 | An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in... |
| CVE-2023-24690 | 2023-02-09 | ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. |
| CVE-2022-25728 | 2023-02-09 | Buffer Over-read in MODEM |
| CVE-2022-25729 | 2023-02-09 | Improper Input Validation in MODEM |
| CVE-2022-25732 | 2023-02-09 | Buffer Over-read in MODEM |
| CVE-2022-25733 | 2023-02-09 | Null Pointer Dereference in MODEM |
| CVE-2022-25734 | 2023-02-09 | Loop with Unreachable Exit Condition in MODEM |
| CVE-2022-25735 | 2023-02-09 | Null Pointer Dereference in MODEM |
| CVE-2022-25738 | 2023-02-09 | Buffer Over-read in MODEM |
| CVE-2022-33216 | 2023-02-09 | Improper Input Validation in Automotive |
| CVE-2022-33221 | 2023-02-09 | Buffer over-read in Trusted Execution Environment |
| CVE-2022-33225 | 2023-02-09 | Use after free in Trusted Application Environment |
| CVE-2022-33229 | 2023-02-09 | Buffer over-read in Modem |
| CVE-2022-33232 | 2023-02-09 | Buffer copy without checking size of input in Hypervisor |
| CVE-2022-33233 | 2023-02-09 | Configuration weakness in modem |
| CVE-2022-33243 | 2023-02-09 | Improper access control in Qualcomm IPC |
| CVE-2022-33246 | 2023-02-09 | Use of out-of-range pointer offset in Audio |
| CVE-2022-33248 | 2023-02-09 | Integer overflow to buffer overflow in User Identity Module |
| CVE-2022-33271 | 2023-02-09 | Buffer over-read in WLAN |
| CVE-2022-33277 | 2023-02-09 | Buffer copy without checking size of input in modem |
| CVE-2022-33279 | 2023-02-09 | Stack based buffer overflow in WLAN |
| CVE-2022-33280 | 2023-02-09 | Access of uninitialized pointer in Bluetooth HOST |
| CVE-2022-33306 | 2023-02-09 | Buffer over-read in WLAN |
| CVE-2022-34145 | 2023-02-09 | Buffer over-read in WLAN Host |
| CVE-2022-34146 | 2023-02-09 | Improper input validation in WLAN Host |
| CVE-2022-40502 | 2023-02-09 | Improper input validation in WLAN Host |
| CVE-2022-40512 | 2023-02-09 | Buffer over-read in WLAN Firmware. |
| CVE-2022-40513 | 2023-02-09 | Uncontrolled resource consumption in WLAN Firmware. |
| CVE-2022-40514 | 2023-02-09 | Buffer copy without checking size of input in WLAN Firmware |
| CVE-2022-43440 | 2023-02-09 | Privilege escalation via manipulated unixcat executable |
| CVE-2022-4557 | 2023-02-09 | SQL Injection in Smartpower Web |
| CVE-2023-0758 | 2023-02-09 | glorylion JFinalOA SysOrg.java sql injection |
| CVE-2023-0574 | 2023-02-09 | Server-Side Request Forgery |
| CVE-2023-0745 | 2023-02-09 | Arbitrary File Write in High Availability Backup Upload |
| CVE-2023-0575 | 2023-02-09 | Remote Code Execution |
| CVE-2023-24815 | 2023-02-09 | Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web |
| CVE-2023-23631 | 2023-02-09 | HAMT Decoding Panics in github.com/ipfs/go-unixfsnode |
| CVE-2022-21939 | 2023-02-09 | Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT) |
| CVE-2022-21940 | 2023-02-09 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT) |
| CVE-2023-23626 | 2023-02-09 | Denial of service when feeding malformed size arguments in go-bitfield |
| CVE-2023-23625 | 2023-02-09 | Denial of service in HAMT Decoding in go-unixfs |
| CVE-2015-10076 | 2023-02-09 | dimtion Shaarlier Tag TagsSource.java createTag sql injection |
| CVE-2022-3568 | 2023-02-09 | The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated... |
| CVE-2023-23161 | 2023-02-10 | A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname... |
| CVE-2023-23162 | 2023-02-10 | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. |
| CVE-2023-23163 | 2023-02-10 | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. |
| CVE-2022-43501 | 2023-02-10 | KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the... |
| CVE-2022-44261 | 2023-02-10 | Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-45699 | 2023-02-10 | Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. |
| CVE-2022-45766 | 2023-02-10 | Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. |
| CVE-2022-46649 | 2023-02-10 | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. |
| CVE-2022-46650 | 2023-02-10 | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. |
| CVE-2023-0771 | 2023-02-10 | SQL Injection in ampache/ampache |
| CVE-2023-0777 | 2023-02-10 | Authentication Bypass by Primary Weakness in modoboa/modoboa |
| CVE-2023-23286 | 2023-02-10 | Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. |
| CVE-2023-24230 | 2023-02-10 | A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page... |
| CVE-2023-24231 | 2023-02-10 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-24232 | 2023-02-10 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-24233 | 2023-02-10 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-24234 | 2023-02-10 | A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-24343 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. |
| CVE-2023-24344 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. |
| CVE-2023-24345 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. |
| CVE-2023-24346 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. |
| CVE-2023-24347 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. |
| CVE-2023-24348 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. |
| CVE-2023-24349 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. |
| CVE-2023-24350 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. |
| CVE-2023-24351 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. |
| CVE-2023-24352 | 2023-02-10 | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. |
| CVE-2023-22832 | 2023-02-10 | Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes |
| CVE-2022-34452 | 2023-02-10 | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user is able to exploit the issue and view sensitive information stored... |
| CVE-2022-34454 | 2023-02-10 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. |
| CVE-2022-24410 | 2023-02-10 | Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read... |
| CVE-2023-0774 | 2023-02-10 | SourceCodester Medical Certificate Generator App action.php sql injection |
| CVE-2018-7935 | 2023-02-10 | There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. |
| CVE-2023-23698 | 2023-02-10 | Dell Command \| Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially... |
| CVE-2023-24573 | 2023-02-10 | Dell Command \| Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder... |
| CVE-2023-24569 | 2023-02-10 | Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order... |
| CVE-2015-10077 | 2023-02-10 | webbuilders-group silverstripe-kapost-bridge KapostService.php getPreview sql injection |
| CVE-2022-4903 | 2023-02-10 | CodenameOne implicit intent for sensitive communication |