CVE List - 2023 / February
Showing 801 - 900 of 2164 CVEs for February 2023 (Page 9 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-33934 | 2023-02-10 | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML... |
| CVE-2022-34364 | 2023-02-10 | Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. |
| CVE-2022-34366 | 2023-02-10 | Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. |
| CVE-2022-34376 | 2023-02-10 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a... |
| CVE-2023-24816 | 2023-02-10 | set_term_title command injection in ipython |
| CVE-2022-34377 | 2023-02-10 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary... |
| CVE-2022-34384 | 2023-02-10 | Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command \| Update, Dell Update, and Alienware Update versions before 4.5 contain a Local... |
| CVE-2022-34385 | 2023-02-10 | SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue... |
| CVE-2022-34386 | 2023-02-10 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the... |
| CVE-2022-34387 | 2023-02-10 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially... |
| CVE-2022-34388 | 2023-02-10 | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could... |
| CVE-2022-34389 | 2023-02-10 | Dell SupportAssist contains a rate limit bypass issue in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a... |
| CVE-2022-34392 | 2023-02-10 | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token and that leads to... |
| CVE-2022-34404 | 2023-02-10 | Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential... |
| CVE-2022-34444 | 2023-02-10 | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. |
| CVE-2022-34445 | 2023-02-10 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2022-34446 | 2023-02-10 | PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access... |
| CVE-2022-34447 | 2023-02-10 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute... |
| CVE-2022-34448 | 2023-02-10 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged... |
| CVE-2022-34449 | 2023-02-10 | PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored... |
| CVE-2022-34450 | 2023-02-10 | PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. |
| CVE-2022-34451 | 2023-02-10 | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions... |
| CVE-2022-45104 | 2023-02-10 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading... |
| CVE-2022-46675 | 2023-02-10 | Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. An unauthenticated attacker could potentially discover the internal structure of the application and its components and use this... |
| CVE-2022-46676 | 2023-02-10 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group... |
| CVE-2022-46678 | 2023-02-10 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. |
| CVE-2022-46677 | 2023-02-10 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is... |
| CVE-2022-46755 | 2023-02-10 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. |
| CVE-2022-46754 | 2023-02-10 | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized... |
| CVE-2023-0776 | 2023-02-10 | Remote Code Execution in Baicells QRTB Platform |
| CVE-2023-25562 | 2023-02-10 | Failure to Invalidate Session on Logout in DataHub |
| CVE-2023-25561 | 2023-02-10 | Login fail open on JAAS misconfiguration in DataHub |
| CVE-2023-25560 | 2023-02-10 | JSON Injection in DataHub |
| CVE-2023-25559 | 2023-02-10 | System account impersonation in DataHub |
| CVE-2023-25558 | 2023-02-10 | Deserialization of untrusted data in DataHub |
| CVE-2023-25557 | 2023-02-10 | Server-Side Request Forgery in DataHub |
| CVE-2023-0127 | 2023-02-11 | A command injection vulnerability in the firmware_update command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. |
| CVE-2023-0780 | 2023-02-11 | Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit |
| CVE-2023-0781 | 2023-02-11 | SourceCodester Canteen Management System removeOrder.php query sql injection |
| CVE-2023-0782 | 2023-02-11 | Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write |
| CVE-2023-0783 | 2023-02-11 | EcShop PHP File template.php unrestricted upload |
| CVE-2023-20076 | 2023-02-12 | Cisco IOx Application Hosting Environment Command Injection Vulnerability |
| CVE-2023-0786 | 2023-02-12 | Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq |
| CVE-2023-0787 | 2023-02-12 | Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq |
| CVE-2023-0788 | 2023-02-12 | Code Injection in thorsten/phpmyfaq |
| CVE-2023-0789 | 2023-02-12 | Command Injection in thorsten/phpmyfaq |
| CVE-2023-0790 | 2023-02-12 | Uncaught Exception in thorsten/phpmyfaq |
| CVE-2023-0791 | 2023-02-12 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0792 | 2023-02-12 | Code Injection in thorsten/phpmyfaq |
| CVE-2023-0793 | 2023-02-12 | Weak Password Requirements in thorsten/phpmyfaq |
| CVE-2023-0794 | 2023-02-12 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-0784 | 2023-02-12 | SourceCodester Best Online News Portal Login Page sql injection |
| CVE-2023-0785 | 2023-02-12 | SourceCodester Best Online News Portal check_availability.php information exposure |
| CVE-2015-10078 | 2023-02-12 | atwellpub Resend Welcome Email Plugin resend-welcome-email.php send_welcome_email_url cross site scripting |
| CVE-2019-25102 | 2023-02-12 | simple-markdown simple-markdown.js redos |
| CVE-2019-25103 | 2023-02-12 | simple-markdown simple-markdown.js redos |
| CVE-2020-36661 | 2023-02-12 | Kong lua-multipart multipart.lua is_header redos |
| CVE-2022-3411 | 2023-02-13 | A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large... |
| CVE-2022-3759 | 2023-02-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1.... |
| CVE-2022-40022 | 2023-02-13 | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. |
| CVE-2022-4138 | 2023-02-13 | A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8... |
| CVE-2022-43460 | 2023-02-13 | Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials... |
| CVE-2022-45285 | 2023-02-13 | Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-45724 | 2023-02-13 | Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to... |
| CVE-2022-45725 | 2023-02-13 | Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request |
| CVE-2022-45962 | 2023-02-13 | Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. |
| CVE-2022-47034 | 2023-02-13 | A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. |
| CVE-2022-48077 | 2023-02-13 | Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. |
| CVE-2022-48110 | 2023-02-13 | CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability.... |
| CVE-2022-48322 | 2023-02-13 | NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P... |
| CVE-2022-48323 | 2023-02-13 | Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by... |
| CVE-2023-0518 | 2023-02-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1.... |
| CVE-2023-0795 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0796 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0797 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile... |
| CVE-2023-0798 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0799 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0800 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0801 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile... |
| CVE-2023-0802 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0803 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0804 | 2023-02-13 | LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2023-0810 | 2023-02-13 | Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver |
| CVE-2023-0817 | 2023-02-13 | Buffer Over-read in gpac/gpac |
| CVE-2023-0818 | 2023-02-13 | Off-by-one Error in gpac/gpac |
| CVE-2023-0819 | 2023-02-13 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-22345 | 2023-02-13 | Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user... |
| CVE-2023-22346 | 2023-02-13 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen... |
| CVE-2023-22347 | 2023-02-13 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of... |
| CVE-2023-22349 | 2023-02-13 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of... |
| CVE-2023-22350 | 2023-02-13 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of... |
| CVE-2023-22353 | 2023-02-13 | Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of... |
| CVE-2023-22360 | 2023-02-13 | Use-after-free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of... |
| CVE-2023-22362 | 2023-02-13 | SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows:... |
| CVE-2023-22367 | 2023-02-13 | Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop... |
| CVE-2023-22854 | 2023-02-13 | The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful... |
| CVE-2023-24084 | 2023-02-13 | ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. |
| CVE-2023-24086 | 2023-02-13 | SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. |
| CVE-2023-24188 | 2023-02-13 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. |
| CVE-2023-24619 | 2023-02-13 | Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local... |