adguard — adguard |
Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows an attacker to gain local privilege escalation. |
2023-01-26 |
not yet calculated |
CVE-2022-45770 MISC MISC |
amano — xoffice_parking_solutions |
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection. |
2023-01-24 |
not yet calculated |
CVE-2023-23331 MISC MISC |
android — automaticzenrule |
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-243794204 |
2023-01-26 |
not yet calculated |
CVE-2022-20494 MISC |
android — multiple_products |
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183410508 |
2023-01-26 |
not yet calculated |
CVE-2022-20213 MISC |
android — multiple_products |
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210 |
2023-01-26 |
not yet calculated |
CVE-2022-20214 MISC |
android — multiple_products |
The PowerVR GPU kernel driver maintains an “Information Page” used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 a user-space program could write arbitrary data to the page, leading to memory corruption issues. Product: Android. Versions: Android SoC. Android ID: A-259967780 |
2023-01-26 |
not yet calculated |
CVE-2022-20235 MISC |
android — multiple_products |
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703780 |
2023-01-26 |
not yet calculated |
CVE-2022-20456 MISC |
android — multiple_products |
Logs containing sensitive information (PII) or hardware identifiers should only be printed in Android “userdebug” or “eng” builds. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java prints out the StatusBarNotification.getKey() directly in logs, which could contain the user’s account name (i.e. PII), in Android “user” builds. Product: Android. Versions: Android-12L. Android ID: A-205567776 |
2023-01-26 |
not yet calculated |
CVE-2022-20458 MISC |
android — multiple_products |
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-228602963 |
2023-01-26 |
not yet calculated |
CVE-2022-20461 MISC |
android — multiple_products |
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703460 |
2023-01-26 |
not yet calculated |
CVE-2022-20489 MISC |
android — multiple_products |
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703505 |
2023-01-26 |
not yet calculated |
CVE-2022-20490 MISC |
android — multiple_products |
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242704043 |
2023-01-26 |
not yet calculated |
CVE-2022-20492 MISC |
android — multiple_products |
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242846316 |
2023-01-26 |
not yet calculated |
CVE-2022-20493 MISC |
android — oncreate |
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183794206 |
2023-01-26 |
not yet calculated |
CVE-2022-20215 MISC |
apache — airflow |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. |
2023-01-21 |
not yet calculated |
CVE-2023-22884 MISC MISC |
apache — ldap |
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. |
2023-01-27 |
not yet calculated |
CVE-2020-36658 MISC MLIST |
apache — ldap |
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. |
2023-01-27 |
not yet calculated |
CVE-2020-36659 MISC MLIST |
apple — swift |
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header “Foo” to the value “Bar Extra-Header: Added GET /other HTTP/1.1”. When this request is sent, it will appear to the server as two requests: GET / HTTP/1.1 Foo: Bar Extra-Header: Added GET /other HTTP/1.1 In this manner, the client is able to inject extra headers and craft an entirely new request to a separate path, despite only making one API call in URLSession. If a developer has total control over the request and its headers, this vulnerability may not pose a threat. However, this vulnerability escalates if un-sanitized user input is placed in header values. If so, a malicious user could inject new headers or requests to an intermediary or backend server. Developers should be especially careful to sanitize user input in this case, or upgrade their version of swift-corelibs-foundation to include the patch below. |
2023-01-20 |
not yet calculated |
CVE-2022-3918 MISC |
argocd — argocd |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD’s configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD’s configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token’s `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds. |
2023-01-26 |
not yet calculated |
CVE-2023-22482 MISC |
argocd — argocd |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the “apps-in-any-namespace” feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory’s publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller. Finally, the AppProjects’ `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects’ sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug. |
2023-01-26 |
not yet calculated |
CVE-2023-22736 MISC |
arista — multiple_products |
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. |
2023-01-26 |
not yet calculated |
CVE-2021-28510 MISC |
askey — rtf3505vw-n1_router |
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. |
2023-01-26 |
not yet calculated |
CVE-2022-47040 MISC |
asyncapi — modelina |
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer’s GitHub Security Advisory (GHSA) noting “It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior.” The suggested workaround from the maintainers is “Fully custom presets that change the entire rendering process which can then escape the user input.” |
2023-01-26 |
not yet calculated |
CVE-2023-23619 MISC |
ayacms — ayacms |
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. |
2023-01-27 |
not yet calculated |
CVE-2022-48116 MISC |
baicells — multiple_products |
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) |
2023-01-26 |
not yet calculated |
CVE-2023-24022 MISC MISC MISC |
baicells — multiple_products |
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. |
2023-01-26 |
not yet calculated |
CVE-2023-24508 MISC MISC |
bind9 — bind9 |
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don’t intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. |
2023-01-26 |
not yet calculated |
CVE-2022-3094 MISC |
bind9 — bind9 |
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. ‘Broken’ in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1. |
2023-01-26 |
not yet calculated |
CVE-2022-3488 MISC |
bind9 — bind9 |
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. |
2023-01-26 |
not yet calculated |
CVE-2022-3736 MISC |
bind9 — bind9 |
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. |
2023-01-26 |
not yet calculated |
CVE-2022-3924 MISC |
binutils — binutils |
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. |
2023-01-27 |
not yet calculated |
CVE-2022-4285 MISC MISC MISC |
bloofoxcms — bloofoxcms |
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. |
2023-01-26 |
not yet calculated |
CVE-2023-23151 MISC |
bluetooth — hci |
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer. |
2023-01-25 |
not yet calculated |
CVE-2022-3806 MISC |
broadcom — symantec_identity_manager |
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. |
2023-01-26 |
not yet calculated |
CVE-2023-23949 MISC |
broadcom — symantec_identity_manager |
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. |
2023-01-26 |
not yet calculated |
CVE-2023-23950 MISC |
broadcom — symantec_identity_manager |
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. |
2023-01-26 |
not yet calculated |
CVE-2023-23951 MISC |
btcpayserver — btcpayserver |
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. |
2023-01-26 |
not yet calculated |
CVE-2023-0493 CONFIRM MISC |
byacc — malloc |
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). |
2023-01-20 |
not yet calculated |
CVE-2021-33641 MISC |
byacc — malloc |
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. |
2023-01-20 |
not yet calculated |
CVE-2021-33642 MISC |
campbell_scientific — multiple_products |
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files. |
2023-01-26 |
not yet calculated |
CVE-2023-0321 CONFIRM CONFIRM |
canvas-lms — canvas-lms |
Instructure Canvas LMS didn’t properly deny access to locked/unpublished files when an unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url). |
2023-01-26 |
not yet calculated |
CVE-2021-36539 MISC |
centreon — centreon |
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304. |
2023-01-26 |
not yet calculated |
CVE-2022-41142 N/A N/A |
checkmk — checkmk |
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. |
2023-01-26 |
not yet calculated |
CVE-2023-0284 MISC |
chinamobile — plc_wireless_router |
An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05) that allows attackers to gain access to the configuration interface. |
2023-01-26 |
not yet calculated |
CVE-2020-18330 MISC MISC |
chinamobile — plc_wireless_router |
Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. |
2023-01-26 |
not yet calculated |
CVE-2020-18331 MISC MISC |
citrix — multiple_products |
Authenticated denial of service |
2023-01-26 |
not yet calculated |
CVE-2022-27507 MISC |
citrix — multiple_products |
Unauthenticated denial of service |
2023-01-26 |
not yet calculated |
CVE-2022-27508 MISC |
contiki-ng — contiki-ng |
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy – Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up to the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG’s default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9. |
2023-01-26 |
not yet calculated |
CVE-2023-23609 MISC MISC |
correos — prestashop |
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. |
2023-01-23 |
not yet calculated |
CVE-2022-46639 MISC |
cuppacms — cuppacms |
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. |
2023-01-20 |
not yet calculated |
CVE-2021-29368 MISC |
cybereason — edr |
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges. |
2023-01-20 |
not yet calculated |
CVE-2020-25502 MISC MISC MISC |
d-link — dir-2150 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727. |
2023-01-26 |
not yet calculated |
CVE-2022-40717 N/A N/A |
d-link — dir-2150 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728. |
2023-01-26 |
not yet calculated |
CVE-2022-40718 N/A N/A |
d-link — dir-2150 |
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906. |
2023-01-26 |
not yet calculated |
CVE-2022-40719 N/A N/A |
d-link — dir-2150 |
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935. |
2023-01-26 |
not yet calculated |
CVE-2022-40720 N/A N/A |
d-link — dir_878_fw1.30b08 |
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. |
2023-01-27 |
not yet calculated |
CVE-2022-48107 MISC MISC |
d-link — dir_878_fw1.30b08 |
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. |
2023-01-27 |
not yet calculated |
CVE-2022-48108 MISC MISC |
d-link — multiple_products |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. |
2023-01-26 |
not yet calculated |
CVE-2022-41140 N/A N/A |
dasherr — dasherr |
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to be uploaded to anywhere. If an attacker uploads a PHP file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue. |
2023-01-20 |
not yet calculated |
CVE-2023-23607 MISC MISC |
dell — realtek |
An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. |
2023-01-26 |
not yet calculated |
CVE-2022-34405 MISC |
delta_electronics — infrasuite_device_master |
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user ‘User’, which is in the ‘Read Only User’ group, can view the password of another default user ‘Administrator’, which is in the ‘Administrator’ group. This allows any lower privileged user to log in as an administrator. |
2023-01-26 |
not yet calculated |
CVE-2023-0444 MISC |
dentsply_sirona — sidexis4 |
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. |
2023-01-26 |
not yet calculated |
CVE-2022-44263 MISC MISC |
dentsply_sirona — sidexis4 |
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path. |
2023-01-26 |
not yet calculated |
CVE-2022-44264 MISC MISC |
dentsply_sirona — sidexis4 |
SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background. |
2023-01-26 |
not yet calculated |
CVE-2022-44297 MISC |
dentsply_sirona — sidexis4 |
SiteServer CMS 7.1.3 is vulnerable to SQL Injection. |
2023-01-27 |
not yet calculated |
CVE-2022-44298 MISC |
devolutions — remote_desktop_manager |
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30, which allows a user to save sensitive data on disk. |
2023-01-26 |
not yet calculated |
CVE-2023-0463 MISC |
discourse — discourse |
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds. |
2023-01-26 |
not yet calculated |
CVE-2023-22739 MISC |
discourse — discourse |
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available. |
2023-01-27 |
not yet calculated |
CVE-2023-22740 MISC MISC |
discourse — discourse |
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. |
2023-01-28 |
not yet calculated |
CVE-2023-23616 MISC CONFIRM MISC MISC |
discourse — discourse |
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. |
2023-01-28 |
not yet calculated |
CVE-2023-23620 CONFIRM MISC MISC |
discourse — discourse |
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. |
2023-01-28 |
not yet calculated |
CVE-2023-23621 MISC MISC MISC |
discourse — discourse |
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use. |
2023-01-28 |
not yet calculated |
CVE-2023-23624 MISC MISC MISC |
discourse — discourse |
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse’s default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site’s CSP to the default one provided with Discourse. |
2023-01-26 |
not yet calculated |
CVE-2023-22468 MISC |
doctor_appointment_management_system — doctor_appointment_management_system |
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. |
2023-01-26 |
not yet calculated |
CVE-2022-45730 MISC MISC |
eclipse — glassfish |
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with ‘./’. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. |
2023-01-27 |
not yet calculated |
CVE-2022-2712 CONFIRM |
econolite — eos |
All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usernames for all defined users in the control software, including administrators and technicians. |
2023-01-26 |
not yet calculated |
CVE-2023-0451 MISC |
econolite — eos |
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. |
2023-01-26 |
not yet calculated |
CVE-2023-0452 MISC |
edgenexus — jetnexus |
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors. |
2023-01-23 |
not yet calculated |
CVE-2022-37718 MISC MISC |
edgenexus — jetnexus |
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
2023-01-23 |
not yet calculated |
CVE-2022-37719 MISC MISC |
elastic — endpoint_security |
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. |
2023-01-26 |
not yet calculated |
CVE-2022-38774 MISC MISC |
elastic — endpoint_security |
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. |
2023-01-26 |
not yet calculated |
CVE-2022-38775 MISC MISC |
gentoo — gentoo |
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call. |
2023-01-26 |
not yet calculated |
CVE-2020-36657 MISC |
gentoo — gentoo |
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) |
2023-01-26 |
not yet calculated |
CVE-2018-25078 MISC |
gitee — mingsoft_mcms |
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. |
2023-01-26 |
not yet calculated |
CVE-2022-47042 MISC |
github — cmark-gfm |
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. |
2023-01-23 |
not yet calculated |
CVE-2023-22483 MISC |
github — cmark-gfm |
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. |
2023-01-23 |
not yet calculated |
CVE-2023-22484 MISC |
github — cmark-gfm |
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. |
2023-01-26 |
not yet calculated |
CVE-2023-22486 MISC |
github — cmark-gfm |
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage. This vulnerability has been patched in 0.29.0.gfm.7. |
2023-01-24 |
not yet calculated |
CVE-2023-22485 MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. |
2023-01-26 |
not yet calculated |
CVE-2022-3478 MISC CONFIRM MISC |
gitlab — gitlab |
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only. |
2023-01-26 |
not yet calculated |
CVE-2022-3482 MISC CONFIRM MISC |
gitlab — gitlab |
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims. |
2023-01-26 |
not yet calculated |
CVE-2022-3572 CONFIRM MISC MISC |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys. |
2023-01-26 |
not yet calculated |
CVE-2022-3740 MISC MISC CONFIRM |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. |
2023-01-26 |
not yet calculated |
CVE-2022-3820 CONFIRM MISC |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. |
2023-01-26 |
not yet calculated |
CVE-2022-3902 CONFIRM MISC MISC |
gitlab — gitlab |
A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. |
2023-01-27 |
not yet calculated |
CVE-2022-4201 CONFIRM MISC |
gitlab — gitlab |
In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash. |
2023-01-27 |
not yet calculated |
CVE-2022-4205 MISC CONFIRM |
gitlab — gitlab |
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. |
2023-01-27 |
not yet calculated |
CVE-2022-4255 MISC CONFIRM |
gitlab — gitlab |
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers. |
2023-01-26 |
not yet calculated |
CVE-2022-4054 MISC MISC CONFIRM |
gitlab — gitlab |
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. |
2023-01-26 |
not yet calculated |
CVE-2022-4092 MISC CONFIRM MISC |
gitlab — gitlab |
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. |
2023-01-27 |
not yet calculated |
CVE-2022-4335 MISC CONFIRM MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6. |
2023-01-26 |
not yet calculated |
CVE-2022-41941 MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are vulnerable to Incorrect Authorization. This vulnerability allows unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessible by unauthenticated users. This issue is patched in version 10.0.6. As a workaround, disable native inventory and delete inventory files from server (default location is `files/_inventory`). |
2023-01-26 |
not yet calculated |
CVE-2023-22500 MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. Once it is exploited, the attacker can perform actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6. |
2023-01-26 |
not yet calculated |
CVE-2023-22722 MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who view the RSS content and click on the link will execute the JavaScript. This issue is patched in 10.0.6. |
2023-01-26 |
not yet calculated |
CVE-2023-22724 MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6, are vulnerable to Cross-site Scripting. This vulnerability allows an administrator to create a malicious external link. This issue is patched in 10.0.6. |
2023-01-26 |
not yet calculated |
CVE-2023-22725 MISC |
glpi — glpi |
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access (including assets, tickets, users, …). This issue is patched in 10.0.6. |
2023-01-26 |
not yet calculated |
CVE-2023-23610 MISC |
go — sonic |
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. |
2023-01-23 |
not yet calculated |
CVE-2022-46959 MISC |
google — android |
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-246300272 |
2023-01-26 |
not yet calculated |
CVE-2023-20904 MISC |
google — android |
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10; Android ID: A-241387741 |
2023-01-26 |
not yet calculated |
CVE-2023-20905 MISC |
google — android |
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-239415861 |
2023-01-26 |
not yet calculated |
CVE-2023-20908 MISC |
google — android |
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-246301995 |
2023-01-26 |
not yet calculated |
CVE-2023-20912 MISC |
google — android |
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-246933785 |
2023-01-26 |
not yet calculated |
CVE-2023-20913 MISC |
google — android |
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-246930197 |
2023-01-26 |
not yet calculated |
CVE-2023-20915 MISC |
google — android |
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12 Android-12L; Android ID: A-229256049 |
2023-01-26 |
not yet calculated |
CVE-2023-20916 MISC |
google — android |
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-252663068 |
2023-01-26 |
not yet calculated |
CVE-2023-20919 MISC |
google — android |
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-204584366 |
2023-01-26 |
not yet calculated |
CVE-2023-20920 MISC |
google — android |
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L Android-13; Android ID: A-243378132 |
2023-01-26 |
not yet calculated |
CVE-2023-20921 MISC |
google — android |
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-237291548 |
2023-01-26 |
not yet calculated |
CVE-2023-20922 MISC |
google — android |
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-246933910; References: N/A |
2023-01-26 |
not yet calculated |
CVE-2023-20923 MISC |
google — android |
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-240428519; References: N/A |
2023-01-26 |
not yet calculated |
CVE-2023-20924 MISC |
google — android |
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-236674672; References: N/A |
2023-01-26 |
not yet calculated |
CVE-2023-20925 MISC |
google — android |
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-254837884; References: Upstream kernel |
2023-01-26 |
not yet calculated |
CVE-2023-20928 MISC |
gpac — gpac |
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c in GPAC version 2.3-DEV-rev1-g4669ba229-master. |
2023-01-20 |
not yet calculated |
CVE-2023-23143 MISC |
gpac — gpac |
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere in file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. |
2023-01-20 |
not yet calculated |
CVE-2023-23144 MISC |
gpac — gpac |
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function. |
2023-01-20 |
not yet calculated |
CVE-2023-23145 MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. |
2023-01-27 |
not yet calculated |
CVE-2022-39324 MISC MISC MISC MISC MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. |
2023-01-27 |
not yet calculated |
CVE-2022-23552 MISC MISC MISC MISC MISC |
hacklcs — hfish |
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information. |
2023-01-26 |
not yet calculated |
CVE-2020-22327 MISC |
haven — haven |
Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch. |
2023-01-27 |
not yet calculated |
CVE-2023-24060 MISC MISC |
healthchecks — healthchecks |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository healthchecks/healthchecks prior to v2.6. |
2023-01-23 |
not yet calculated |
CVE-2023-0440 CONFIRM MISC |
hl7 — fhir-ig-publisher |
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive). |
2023-01-26 |
not yet calculated |
CVE-2023-24057 MISC |
html-stripscripts — html-stripscripts |
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. |
2023-01-21 |
not yet calculated |
CVE-2023-24038 MISC |
hughes_network_systems — hx200 |
Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. |
2023-01-26 |
not yet calculated |
CVE-2023-22971 MISC MISC |
ibm — N/A |
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. |
2023-01-26 |
not yet calculated |
CVE-2022-43864 MISC MISC MISC |
ibm — N/A |
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. |
2023-01-26 |
not yet calculated |
CVE-2022-43917 MISC MISC |
ibm — identity_manager |
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078. |
2023-01-26 |
not yet calculated |
CVE-2022-22462 MISC MISC |
id_software_project_and_consultancy_services — b2b_customer_ordering_system |
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347. |
2023-01-24 |
not yet calculated |
CVE-2022-4554 CONFIRM |
isoftforce — dreamer_cms |
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability. |
2023-01-26 |
not yet calculated |
CVE-2023-0513 MISC MISC MISC MISC |
italtel — netmatch-s_cl |
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). |
2023-01-27 |
not yet calculated |
CVE-2022-39811 MISC |
italtel — netmatch-s_cl |
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. |
2023-01-27 |
not yet calculated |
CVE-2022-39812 MISC |
italtel — netmatch-s_cl |
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it. |
2023-01-27 |
not yet calculated |
CVE-2022-39813 MISC |
jenkins — jenkins |
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
2023-01-26 |
not yet calculated |
CVE-2023-24422 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. |
2023-01-26 |
not yet calculated |
CVE-2023-24423 MISC |
jenkins — jenkins |
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. |
2023-01-26 |
not yet calculated |
CVE-2023-24424 MISC |
jenkins — jenkins |
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. |
2023-01-26 |
not yet calculated |
CVE-2023-24425 MISC |
jenkins — jenkins |
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. |
2023-01-26 |
not yet calculated |
CVE-2023-24426 MISC |
jenkins — jenkins |
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. |
2023-01-26 |
not yet calculated |
CVE-2023-24427 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker’s account. |
2023-01-26 |
not yet calculated |
CVE-2023-24428 MISC |
jenkins — jenkins |
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. |
2023-01-26 |
not yet calculated |
CVE-2023-24429 MISC |
jenkins — jenkins |
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
2023-01-26 |
not yet calculated |
CVE-2023-24430 MISC |
jenkins — jenkins |
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24431 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24432 MISC |
jenkins — jenkins |
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24433 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24434 MISC |
jenkins — jenkins |
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24435 MISC |
jenkins — jenkins |
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24436 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24437 MISC |
jenkins — jenkins |
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24438 MISC |
jenkins — jenkins |
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24439 MISC |
jenkins — jenkins |
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. |
2023-01-26 |
not yet calculated |
CVE-2023-24440 MISC |
jenkins — jenkins |
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
2023-01-26 |
not yet calculated |
CVE-2023-24441 MISC |
jenkins — jenkins |
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24442 MISC |
jenkins — jenkins |
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
2023-01-26 |
not yet calculated |
CVE-2023-24443 MISC |
jenkins — jenkins |
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. |
2023-01-26 |
not yet calculated |
CVE-2023-24444 MISC |
jenkins — jenkins |
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24445 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. |
2023-01-26 |
not yet calculated |
CVE-2023-24447 MISC |
jenkins — jenkins |
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. |
2023-01-26 |
not yet calculated |
CVE-2023-24448 MISC |
jenkins — jenkins |
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24449 MISC |
jenkins — jenkins |
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
2023-01-26 |
not yet calculated |
CVE-2023-24451 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. |
2023-01-26 |
not yet calculated |
CVE-2023-24452 MISC |
jenkins — jenkins |
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. |
2023-01-26 |
not yet calculated |
CVE-2023-24453 MISC |
jenkins — jenkins |
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24454 MISC |
jenkins — jenkins |
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24455 MISC |
jenkins — jenkins |
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. |
2023-01-26 |
not yet calculated |
CVE-2023-24456 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker’s account. |
2023-01-26 |
not yet calculated |
CVE-2023-24457 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. |
2023-01-26 |
not yet calculated |
CVE-2023-24458 MISC |
jenkins — jenkins |
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
2023-01-26 |
not yet calculated |
CVE-2023-24459 MISC |
jenkins — jenkins |
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker’s account. |
2023-01-26 |
not yet calculated |
CVE-2023-24446 MISC |
jenkins — jenkins |
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. |
2023-01-26 |
not yet calculated |
CVE-2023-24450 MISC |
jorani — jorani |
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. |
2023-01-27 |
not yet calculated |
CVE-2022-48118 MISC |
lenovo — ideapad |
A potential vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. |
2023-01-26 |
not yet calculated |
CVE-2022-3432 MISC |
lenovo — leyun |
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. |
2023-01-20 |
not yet calculated |
CVE-2022-1109 MISC |
lenovo — notebook |
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
2023-01-26 |
not yet calculated |
CVE-2022-1890 MISC |
lenovo — notebook |
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
2023-01-26 |
not yet calculated |
CVE-2022-1891 MISC |
lenovo — notebook |
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
2023-01-26 |
not yet calculated |
CVE-2022-1892 MISC |
lenovo — notebook |
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. |
2023-01-23 |
not yet calculated |
CVE-2022-3430 MISC |
lenovo — safecenter |
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application. |
2023-01-23 |
not yet calculated |
CVE-2022-4816 MISC |
lexmark — multiple_products |
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. |
2023-01-23 |
not yet calculated |
CVE-2023-22960 MISC |
lexmark — multiple_products |
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. |
2023-01-23 |
not yet calculated |
CVE-2023-23560 MISC MISC |
libgit2 — libgit2 |
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2’s `git_remote_callbacks` structure; if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default, without a certificate check callback configured, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked. |
2023-01-20 |
not yet calculated |
CVE-2023-22742 MISC MISC MISC MISC MISC MISC |
libtiff — libtiff |
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., “WRITE of size 307203”) via a crafted TIFF image. |
2023-01-23 |
not yet calculated |
CVE-2022-48281 MISC MISC DEBIAN |
lightftp — lightftp |
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName. |
2023-01-21 |
not yet calculated |
CVE-2023-24042 MISC |
limesurvey — limesurvey |
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. |
2023-01-27 |
not yet calculated |
CVE-2022-48008 MISC |
linux — linux_kernel |
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. |
2023-01-27 |
not yet calculated |
CVE-2022-4139 MISC MISC |
linux — linux_kernel |
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. |
2023-01-26 |
not yet calculated |
CVE-2023-0394 MISC |
linux — linux_kernel |
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. |
2023-01-26 |
not yet calculated |
CVE-2023-0468 MISC |
linux — linux_kernel |
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. |
2023-01-26 |
not yet calculated |
CVE-2023-0469 MISC |
metabase — metabase |
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn’t be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds. |
2023-01-28 |
not yet calculated |
CVE-2023-23628 MISC |
metabase — metabase |
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboard subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is that users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the “Subscriptions and Alerts” permission for groups that have restricted data permissions, as a workaround. |
2023-01-28 |
not yet calculated |
CVE-2023-23629 MISC |
misp — misp |
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field. |
2023-01-23 |
not yet calculated |
CVE-2023-24070 MISC |
mitsubishi_electric — multiple_products |
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers. |
2023-01-20 |
not yet calculated |
CVE-2022-40267 MISC MISC MISC |
modoboa — modoboa |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
2023-01-23 |
not yet calculated |
CVE-2023-0438 CONFIRM MISC |
modoboa — modoboa |
Cross-site Scripting (XSS) – Stored in GitHub repository modoboa/modoboa prior to 2.0.4. |
2023-01-26 |
not yet calculated |
CVE-2023-0470 CONFIRM MISC |
modoboa — modoboa |
Cross-site Scripting (XSS) – Stored in GitHub repository modoboa/modoboa prior to 2.0.4. |
2023-01-26 |
not yet calculated |
CVE-2023-0519 CONFIRM MISC |
modsecurity — modsecurity |
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. |
2023-01-20 |
not yet calculated |
CVE-2022-48279 MISC MISC MISC MISC MISC MLIST |
modsecurity — web_application_firewall |
Incorrect handling of ‘ |