CVE List - 2023 / February

Showing 301 - 400 of 2164 CVEs for February 2023 (Page 4 of 22)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-125084 | 2023-02-05 | Gimmie Plugin trigger_referral.php SQL injection |
| CVE-2014-125085 | 2023-02-05 | Gimmie Plugin trigger_ratethread.php SQL injection |
| CVE-2021-31576 | 2023-02-06 | In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges... |
| CVE-2021-31577 | 2023-02-06 | In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional... |
| CVE-2021-31578 | 2023-02-06 | In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional... |
| CVE-2021-36224 | 2023-02-06 | Western Digital My Cloud devices before OS5 have a nobody account with a blank password. |
| CVE-2022-45722 | 2023-02-06 | ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2023-0687 | 2023-02-06 | A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph... |
| CVE-2021-31573 | 2023-02-06 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution... |
| CVE-2021-31574 | 2023-02-06 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution... |
| CVE-2021-31575 | 2023-02-06 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution... |
| CVE-2021-36225 | 2023-02-06 | Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. |
| CVE-2021-36226 | 2023-02-06 | Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. |
| CVE-2022-28923 | 2023-02-06 | Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. |
| CVE-2022-32595 | 2023-02-06 | In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2022-32642 | 2023-02-06 | In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2022-32643 | 2023-02-06 | In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32654 | 2023-02-06 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32655 | 2023-02-06 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32656 | 2023-02-06 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2022-32663 | 2023-02-06 | In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2022-42950 | 2023-02-06 | An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can... |
| CVE-2022-42951 | 2023-02-06 | An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a... |
| CVE-2022-44267 | 2023-02-06 | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. |
| CVE-2022-44268 | 2023-02-06 | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the... |
| CVE-2022-44343 | 2023-02-06 | CRMEB 4.4.4 is vulnerable to Any File download. |
| CVE-2022-44617 | 2023-02-06 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to... |
| CVE-2022-45589 | 2023-02-06 | All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade... |
| CVE-2022-46496 | 2023-02-06 | BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. |
| CVE-2022-47071 | 2023-02-06 | In NVS365 V01, the background network test function can trigger command execution. |
| CVE-2022-48019 | 2023-02-06 | The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allow attackers to perform privilege escalation via a crafted payload. |
| CVE-2022-48078 | 2023-02-06 | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. |
| CVE-2022-48085 | 2023-02-06 | Softr v2.0 was discovered to contain an HTML injection vulnerability via the Work Space Name parameter. |
| CVE-2022-48164 | 2023-02-06 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. |
| CVE-2022-48166 | 2023-02-06 | An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. |
| CVE-2022-48311 | 2023-02-06 | **UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows an authenticated attacker to inject their own script into... |
| CVE-2023-0615 | 2023-02-06 | A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user... |
| CVE-2023-20602 | 2023-02-06 | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20604 | 2023-02-06 | In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20605 | 2023-02-06 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20606 | 2023-02-06 | In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2023-20607 | 2023-02-06 | In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20608 | 2023-02-06 | In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20609 | 2023-02-06 | In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is... |
| CVE-2023-20610 | 2023-02-06 | In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20611 | 2023-02-06 | In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20612 | 2023-02-06 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20613 | 2023-02-06 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20614 | 2023-02-06 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20615 | 2023-02-06 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20616 | 2023-02-06 | In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20618 | 2023-02-06 | In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-20619 | 2023-02-06 | In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-23333 | 2023-02-06 | There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. |
| CVE-2023-23849 | 2023-02-06 | Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the... |
| CVE-2023-24191 | 2023-02-06 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. |
| CVE-2023-24192 | 2023-02-06 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. |
| CVE-2023-24194 | 2023-02-06 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. |
| CVE-2023-24195 | 2023-02-06 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. |
| CVE-2023-24197 | 2023-02-06 | Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. |
| CVE-2023-24198 | 2023-02-06 | Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. |
| CVE-2023-24199 | 2023-02-06 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. |
| CVE-2023-24200 | 2023-02-06 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. |
| CVE-2023-24201 | 2023-02-06 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. |
| CVE-2023-24202 | 2023-02-06 | Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. |
| CVE-2023-24276 | 2023-02-06 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. |
| CVE-2023-25016 | 2023-02-06 | Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. |
| CVE-2014-125086 | 2023-02-06 | Gimmie Plugin trigger_login.php SQL injection |
| CVE-2017-20176 | 2023-02-06 | ciubotaru share-on-diaspora new_window.php cross-site scripting |
| CVE-2022-25855 | 2023-02-06 | All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. |
| CVE-2022-25853 | 2023-02-06 | All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. |
| CVE-2022-47339 | 2023-02-06 | In cmd services, there is an OS command injection issue due to a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| CVE-2022-47331 | 2023-02-06 | In wlan driver, there is a race condition. This could lead to local denial of service in wlan services. |
| CVE-2022-47341 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| CVE-2022-47342 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47343 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47344 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47345 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47346 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47347 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47348 | 2023-02-06 | In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. |
| CVE-2022-47354 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47355 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47356 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47357 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47358 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47359 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47360 | 2023-02-06 | In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| CVE-2022-47361 | 2023-02-06 | In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| CVE-2022-38675 | 2023-02-06 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. |
| CVE-2022-38674 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-38680 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-38681 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-38686 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-42783 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-44448 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-47322 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-47323 | 2023-02-06 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-47324 | 2023-02-06 | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| CVE-2022-47325 | 2023-02-06 | In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |