CVE List - 2023 / February
Showing 601 - 700 of 2164 CVEs for February 2023 (Page 7 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-43762 | 2023-02-08 | Memory leak when receiving messages in APROL Tbase server |
| CVE-2022-43763 | 2023-02-08 | Lack of checking preconditions in APROL |
| CVE-2022-43764 | 2023-02-08 | Buffer overflow when changing configuration on Tbase Server |
| CVE-2022-43765 | 2023-02-08 | DoS in APROLs Tbase server |
| CVE-2022-41620 | 2023-02-08 | WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45085 | 2023-02-08 | Server-Side Request Forgery in Smartpower Web |
| CVE-2023-0001 | 2023-02-08 | Cortex XDR Agent: Cleartext Exposure of Agent Admin Password |
| CVE-2023-0002 | 2023-02-08 | Cortex XDR Agent: Product Disruption by Local Windows User |
| CVE-2023-0003 | 2023-02-08 | Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server |
| CVE-2023-23475 | 2023-02-08 | IBM Infosphere Information Server cross-site scripting |
| CVE-2022-35720 | 2023-02-08 | IBM Sterling External Authentication Server information disclosure |
| CVE-2022-45086 | 2023-02-08 | Cross-site Scripting in Smartpower Web |
| CVE-2023-0690 | 2023-02-08 | Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Is Configured |
| CVE-2022-34362 | 2023-02-08 | IBM Sterling Secure Proxy HOST header injection |
| CVE-2022-45087 | 2023-02-08 | Cross-site Scripting in Smartpower Web |
| CVE-2022-43869 | 2023-02-08 | IBM Spectrum Scale denial of service |
| CVE-2022-45088 | 2023-02-08 | Local File Inclusion in Smartpower Web |
| CVE-2023-25152 | 2023-02-08 | Symbolic Link (Symlink) Following in github.com/pterodactyl/wings |
| CVE-2022-42438 | 2023-02-08 | IBM Cloud Pak for Multicloud Management Monitoring privilege escalation |
| CVE-2023-0401 | 2023-02-08 | NULL dereference during PKCS7 data verification |
| CVE-2023-0286 | 2023-02-08 | X.400 address type confusion in X.509 GeneralName |
| CVE-2023-0217 | 2023-02-08 | NULL dereference validating DSA public key |
| CVE-2023-0216 | 2023-02-08 | Invalid pointer dereference in d2i_PKCS7 functions |
| CVE-2023-0215 | 2023-02-08 | Use-after-free following BIO_new_NDEF |
| CVE-2022-4450 | 2023-02-08 | Double free after calling PEM_read_bio_ex |
| CVE-2022-4304 | 2023-02-08 | Timing Oracle in RSA Decryption |
| CVE-2023-25165 | 2023-02-08 | getHostByName Function Information Disclosure |
| CVE-2022-34350 | 2023-02-08 | IBM API Connect security bypass |
| CVE-2023-25150 | 2023-02-08 | Document content of files can be obtained through Collabora for files of other users |
| CVE-2022-45089 | 2023-02-08 | SQL Injection in Smartpower Web |
| CVE-2022-45090 | 2023-02-08 | SQL Injection in Smartpower Web |
| CVE-2023-25151 | 2023-02-08 | DoS vulnerability for high cardinality metrics in opentelemetry-go-contrib |
| CVE-2023-0751 | 2023-02-08 | GELI silently omits the keyfile if read from stdin |
| CVE-2023-25164 | 2023-02-08 | Sensitive Information leak via Script File in TinaCMS |
| CVE-2022-45091 | 2023-02-08 | Cross-site Scripting in Smartpower Web |
| CVE-2023-25166 | 2023-02-08 | Regular Expression Denial of Service (ReDoS) Vulnerability |
| CVE-2022-42436 | 2023-02-08 | IBM MQ information disclosure |
| CVE-2023-25167 | 2023-02-08 | Regular expression denial of service via installing themes via git in discourse |
| CVE-2023-25163 | 2023-02-08 | Argo CD leaks repository credentials in user-facing error messages and in logs |
| CVE-2023-0249 | 2023-02-08 | CVE-2023-0249 |
| CVE-2023-0250 | 2023-02-08 | CVE-2023-0250 |
| CVE-2023-0251 | 2023-02-08 | CVE-2023-0251 |
| CVE-2023-25168 | 2023-02-08 | Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings |
| CVE-2022-43552 | 2023-02-09 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do)... |
| CVE-2022-44570 | 2023-02-09 | A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take... |
| CVE-2022-44571 | 2023-02-09 | There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can... |
| CVE-2022-44572 | 2023-02-09 | A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart... |
| CVE-2023-0770 | 2023-02-09 | Stack-based Buffer Overflow in gpac/gpac |
| CVE-2023-22794 | 2023-02-09 | A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method,... |
| CVE-2023-22795 | 2023-02-09 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to... |
| CVE-2023-22796 | 2023-02-09 | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a... |
| CVE-2023-22799 | 2023-02-09 | A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount... |
| CVE-2023-22953 | 2023-02-09 | In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. |
| CVE-2022-30564 | 2023-02-09 | Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device... |
| CVE-2022-43550 | 2023-02-09 | A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity... |
| CVE-2022-44566 | 2023-02-09 | A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection... |
| CVE-2022-48286 | 2023-02-09 | The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48287 | 2023-02-09 | The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2022-48288 | 2023-02-09 | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48289 | 2023-02-09 | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48290 | 2023-02-09 | The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. |
| CVE-2022-48292 | 2023-02-09 | The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48293 | 2023-02-09 | The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48294 | 2023-02-09 | The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48295 | 2023-02-09 | The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). |
| CVE-2022-48296 | 2023-02-09 | The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. |
| CVE-2022-48297 | 2023-02-09 | The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
| CVE-2022-48298 | 2023-02-09 | The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
| CVE-2022-48299 | 2023-02-09 | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48300 | 2023-02-09 | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-48301 | 2023-02-09 | The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. |
| CVE-2022-48302 | 2023-02-09 | The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2023-0624 | 2023-02-09 | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the... |
| CVE-2023-0759 | 2023-02-09 | Privilege Chaining in cockpit-hq/cockpit |
| CVE-2023-0760 | 2023-02-09 | Heap-based Buffer Overflow in gpac/gpac |
| CVE-2023-21419 | 2023-02-09 | An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions. |
| CVE-2023-21420 | 2023-02-09 | Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. |
| CVE-2023-21421 | 2023-02-09 | Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. |
| CVE-2023-21422 | 2023-02-09 | Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. |
| CVE-2023-21423 | 2023-02-09 | Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. |
| CVE-2023-21424 | 2023-02-09 | Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. |
| CVE-2023-21425 | 2023-02-09 | Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. |
| CVE-2023-21426 | 2023-02-09 | Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. |
| CVE-2023-21427 | 2023-02-09 | Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows an attacker to use NFC without user recognition. |
| CVE-2023-21428 | 2023-02-09 | Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. |
| CVE-2023-21429 | 2023-02-09 | Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. |
| CVE-2023-21430 | 2023-02-09 | An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. |
| CVE-2023-21431 | 2023-02-09 | Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. |
| CVE-2023-21432 | 2023-02-09 | Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. |
| CVE-2023-21433 | 2023-02-09 | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. |
| CVE-2023-21434 | 2023-02-09 | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. |
| CVE-2023-21435 | 2023-02-09 | Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. |
| CVE-2023-21436 | 2023-02-09 | Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. |
| CVE-2023-21437 | 2023-02-09 | Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. |
| CVE-2023-21438 | 2023-02-09 | Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. |
| CVE-2023-21439 | 2023-02-09 | Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. |
| CVE-2023-21440 | 2023-02-09 | Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. |
| CVE-2023-21441 | 2023-02-09 | Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected... |
| CVE-2023-21442 | 2023-02-09 | Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. |
| CVE-2023-21443 | 2023-02-09 | Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. |