CVE List - 2023 / February
Showing 1701 - 1800 of 2164 CVEs for February 2023 (Page 18 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-23063 | 2023-02-22 | Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. |
| CVE-2021-33367 | 2023-02-22 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. |
| CVE-2022-2883 | 2023-02-22 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service |
| CVE-2022-29273 | 2023-02-22 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. |
| CVE-2022-39983 | 2023-02-22 | File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code. |
| CVE-2022-41567 | 2023-02-22 | TIBCO BusinessConnect Stored XSS Vulnerability |
| CVE-2022-45599 | 2023-02-22 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given... |
| CVE-2022-45600 | 2023-02-22 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by... |
| CVE-2022-48149 | 2023-02-22 | Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
| CVE-2023-0947 | 2023-02-22 | Path Traversal in flatpressblog/flatpress |
| CVE-2023-0949 | 2023-02-22 | Cross-site Scripting (XSS) - Reflected in modoboa/modoboa |
| CVE-2023-22972 | 2023-02-22 | A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. |
| CVE-2023-22973 | 2023-02-22 | A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. |
| CVE-2023-22974 | 2023-02-22 | A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. |
| CVE-2023-23039 | 2023-02-22 | An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(),... |
| CVE-2023-23040 | 2023-02-22 | TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. |
| CVE-2023-24093 | 2023-02-22 | An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. |
| CVE-2023-24107 | 2023-02-22 | hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. |
| CVE-2023-24108 | 2023-02-22 | MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. |
| CVE-2023-24114 | 2023-02-22 | typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. |
| CVE-2023-26214 | 2023-02-22 | TIBCO BusinessConnect Reflected XSS Vulnerability |
| CVE-2023-26314 | 2023-02-22 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |
| CVE-2021-4325 | 2023-02-22 | NHN TOAST UI Chart Legend cross site scripting |
| CVE-2023-0953 | 2023-02-22 | Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. |
| CVE-2023-0951 | 2023-02-22 | Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. |
| CVE-2023-0952 | 2023-02-22 | Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. |
| CVE-2022-41217 | 2023-02-22 | Cloudflow - Unauthenticated file upload vulnerability |
| CVE-2022-41216 | 2023-02-22 | Cloudflow - Local File Inclusion Vulnerability |
| CVE-2021-4326 | 2023-02-22 | Imperative Local Command Injection allows Activity Masking |
| CVE-2022-43870 | 2023-02-22 | IBM Spectrum Virtualize information disclosure |
| CVE-2022-43873 | 2023-02-22 | IBM Spectrum Virtualize privilege escalation |
| CVE-2022-43578 | 2023-02-22 | IBM Sterling B2B Integrator Standard Edition cross-site scripting |
| CVE-2023-0960 | 2023-02-22 | SeaCMS Picture Management config.ftp.php deserialization |
| CVE-2023-0961 | 2023-02-22 | SourceCodester Music Gallery Site GET Request view_music_details.php sql injection |
| CVE-2023-0962 | 2023-02-22 | SourceCodester Music Gallery Site GET Request Master.php sql injection |
| CVE-2023-0963 | 2023-02-22 | SourceCodester Music Gallery Site POST Request Users.php access control |
| CVE-2023-25813 | 2023-02-22 | SQL Injection via replacements in sequelize |
| CVE-2023-25579 | 2023-02-22 | Directory traversal in Nextcloud server |
| CVE-2023-0964 | 2023-02-22 | SourceCodester Sales Tracker Management System view_product.php sql injection |
| CVE-2023-0846 | 2023-02-22 | Unauthenticated, stored XSS in display of alarm reduction-key |
| CVE-2023-25154 | 2023-02-22 | Cross site scripting (XSS) of ActivityPub URI in misskey |
| CVE-2023-24812 | 2023-02-22 | SQL injection of notes/search-by-tag |
| CVE-2023-24811 | 2023-02-22 | Cross site scripting (XSS) vulnerability using url preview in Misskey |
| CVE-2023-24810 | 2023-02-22 | Cross site scripting (XSS) vulnerability using authentication callback in Misskey |
| CVE-2023-0966 | 2023-02-22 | SourceCodester Online Eyewear Shop cross site scripting |
| CVE-2023-0927 | 2023-02-22 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption... |
| CVE-2023-0928 | 2023-02-22 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0929 | 2023-02-22 | Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0930 | 2023-02-22 | Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0931 | 2023-02-22 | Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-0932 | 2023-02-22 | Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit... |
| CVE-2023-0933 | 2023-02-22 | Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) |
| CVE-2023-0941 | 2023-02-22 | Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2023-0104 | 2023-02-22 | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the... |
| CVE-2022-37936 | 2023-02-22 | Unauthenticated Java deserialization vulnerability in Serviceguard Manager |
| CVE-2022-37937 | 2023-02-22 | Pre-auth memory corruption in HPE Serviceguard |
| CVE-2022-37938 | 2023-02-22 | Unauthenticated server side request forgery in HPE Serviceguard Manager |
| CVE-2023-26302 | 2023-02-22 | markdown-it-py CLI crash on invalid UTF-8 characters |
| CVE-2023-26303 | 2023-02-22 | markdown-it-py crash on null assertions |
| CVE-2023-20011 | 2023-02-23 | Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability |
| CVE-2023-20012 | 2023-02-23 | Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability |
| CVE-2023-20015 | 2023-02-23 | Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability |
| CVE-2023-20016 | 2023-02-23 | Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability |
| CVE-2023-20050 | 2023-02-23 | Cisco NX-OS Software CLI Command Injection Vulnerability |
| CVE-2023-20089 | 2023-02-23 | Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability |
| CVE-2023-23915 | 2023-02-23 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support,... |
| CVE-2022-3219 | 2023-02-23 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. |
| CVE-2022-36231 | 2023-02-23 | pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. |
| CVE-2022-4492 | 2023-02-23 | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default)... |
| CVE-2022-46784 | 2023-02-23 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) |
| CVE-2022-46785 | 2023-02-23 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2). |
| CVE-2022-46786 | 2023-02-23 | SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). |
| CVE-2022-48341 | 2023-02-23 | ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. |
| CVE-2023-0044 | 2023-02-23 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can... |
| CVE-2023-0597 | 2023-02-23 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s)... |
| CVE-2023-23294 | 2023-02-23 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root. |
| CVE-2023-23295 | 2023-02-23 | Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as... |
| CVE-2023-23296 | 2023-02-23 | Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. |
| CVE-2023-23914 | 2023-02-23 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be... |
| CVE-2023-23916 | 2023-02-23 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times... |
| CVE-2023-23917 | 2023-02-23 | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your... |
| CVE-2023-23918 | 2023-02-23 | A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules... |
| CVE-2023-23919 | 2023-02-23 | A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may... |
| CVE-2023-23920 | 2023-02-23 | An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. |
| CVE-2023-24104 | 2023-02-23 | Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. |
| CVE-2023-24205 | 2023-02-23 | Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). |
| CVE-2023-24212 | 2023-02-23 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. |
| CVE-2023-24317 | 2023-02-23 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. |
| CVE-2023-26325 | 2023-02-23 | The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. |
| CVE-2023-26326 | 2023-02-23 | The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR... |
| CVE-2023-26462 | 2023-02-23 | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data,... |
| CVE-2023-26468 | 2023-02-23 | Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. |
| CVE-2023-0939 | 2023-02-23 | Multiple SQL Injection on NTN Information Technologies' Online Services software |
| CVE-2023-25621 | 2023-02-23 | Apache Sling does not allow to handle i18n content in a secure way |
| CVE-2023-0980 | 2023-02-23 | SourceCodester Yoga Class Registration System Status Update update_status.php sql injection |
| CVE-2023-0981 | 2023-02-23 | SourceCodester Yoga Class Registration System Delete User sql injection |
| CVE-2023-0982 | 2023-02-23 | SourceCodester Yoga Class Registration System Add Class Entry sql injection |
| CVE-2022-2504 | 2023-02-23 | SQLi in SDD-Baro |
| CVE-2023-0869 | 2023-02-23 | Cross-site scripting in outage/list.htm |
| CVE-2023-0868 | 2023-02-23 | Stealing Cookies using Reflected XSS via graph results |