
VMware Releases Security Updates for Carbon Black App Control

Original release date: February 23, 2023

VMware has released security updates to address a vulnerability in Carbon Black App Control. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the VMware Security Advisories page.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0004 and apply the necessary updates.


Vulnerability Summary for the Week of February 13, 2023

Original release date: February 23, 2023

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
baicells — neutrino_430_firmware Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. 2023-02-11 10 CVE-2023-0776
MISC
webbuildersgroup — silverstripe-kapost-bridge A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. 2023-02-10 9.8 CVE-2015-10077
MISC
MISC
MISC
MISC
apsystems — ecu-r_firmware Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. 2023-02-10 9.8 CVE-2022-45699
MISC
MISC
codenameone — codename_one A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. 2023-02-10 9.8 CVE-2022-4903
MISC
MISC
MISC
MISC
MISC
medical_certificate_generator_app_project — medical_certificate_generator_app A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability. 2023-02-10 9.8 CVE-2023-0774
MISC
MISC
MISC
modoboa — modoboa Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. 2023-02-10 9.8 CVE-2023-0777
MISC
CONFIRM
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 2023-02-14 9.8 CVE-2023-21689
MISC
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 2023-02-14 9.8 CVE-2023-21690
MISC
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 2023-02-14 9.8 CVE-2023-21692
MISC
microsoft — multiple_products Microsoft Word Remote Code Execution Vulnerability 2023-02-14 9.8 CVE-2023-21716
MISC
microsoft — windows_10/server_2008 Windows iSCSI Discovery Service Remote Code Execution Vulnerability 2023-02-14 9.8 CVE-2023-21803
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. 2023-02-10 9.8 CVE-2023-24348
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. 2023-02-10 9.8 CVE-2023-24349
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. 2023-02-10 9.8 CVE-2023-24350
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. 2023-02-10 9.8 CVE-2023-24352
MISC
MISC
wago — unmanaged_switch_852-111/000-001 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters. 2023-02-16 9.1 CVE-2022-3843
MISC
keystorage — global_facilities_management_software Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. 2023-02-10 9.1 CVE-2022-45766
MISC
orangelab — imagemagick_engine The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘cli_path’ parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 2023-02-10 8.8 CVE-2022-3568
MISC
MISC
MISC
MISC
sierrawireless — aleos Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. 2023-02-10 8.8 CVE-2022-46649
MISC
MISC
MISC
pinpoint — pinpoint_booking_system The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks. 2023-02-13 8.8 CVE-2023-0220
MISC
shortpixel — enable_media_replace The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 2023-02-13 8.8 CVE-2023-0255
MISC
ljapps — wp_google_review_slider The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. 2023-02-13 8.8 CVE-2023-0259
MISC
ljapps — wp_review_slider The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. 2023-02-13 8.8 CVE-2023-0260
MISC
ljapps — wp_tripadvisor_review_slider The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. 2023-02-13 8.8 CVE-2023-0261
MISC
ljapps — wp_airbnb_review_slider The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. 2023-02-13 8.8 CVE-2023-0262
MISC
ljapps — wp_yelp_review_slider The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. 2023-02-13 8.8 CVE-2023-0263
MISC
ampache — ampache SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. 2023-02-10 8.8 CVE-2023-0771
CONFIRM
MISC
microsoft — multiple_products Microsoft Exchange Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21529
MISC
microsoft — multiple_products Microsoft PostScript Printer Driver Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21684
MISC
microsoft — multiple_products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21685
MISC
microsoft — multiple_products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21686
MISC
microsoft — sql_server Microsoft SQL Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21705
MISC
microsoft — multiple_products Microsoft Exchange Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21706
MISC
microsoft — multiple_products Microsoft Exchange Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21707
MISC
microsoft — sql_server Microsoft SQL Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21713
MISC
microsoft — multiple_products Microsoft SharePoint Server Elevation of Privilege Vulnerability 2023-02-14 8.8 CVE-2023-21717
MISC
microsoft — multiple_products Microsoft ODBC Driver Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21797
MISC
microsoft — multiple_products Microsoft ODBC Driver Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21798
MISC
microsoft — multiple_products Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2023-02-14 8.8 CVE-2023-21799
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. 2023-02-10 8.8 CVE-2023-24343
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. 2023-02-10 8.8 CVE-2023-24344
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. 2023-02-10 8.8 CVE-2023-24345
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. 2023-02-10 8.8 CVE-2023-24346
MISC
MISC
dlink — dir-605l_firmware D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. 2023-02-10 8.8 CVE-2023-24347
MISC
MISC
microsoft — azure_stack Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability 2023-02-14 8.7 CVE-2023-21777
MISC
microsoft — visual_studio Visual Studio Remote Code Execution Vulnerability 2023-02-14 8.4 CVE-2023-21815
MISC
microsoft — visual_studio Visual Studio Remote Code Execution Vulnerability 2023-02-14 8.4 CVE-2023-23381
MISC
microsoft — dynamics_365 Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability 2023-02-14 8.3 CVE-2023-21778
MISC
microsoft — edge Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 2023-02-14 8.3 CVE-2023-23374
MISC
microsoft — power_bi_report_server Power BI Report Server Spoofing Vulnerability 2023-02-14 8.2 CVE-2023-21806
MISC
microsoft — sql_server Microsoft SQL Server Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21528
MISC
microsoft — visual_studio Visual Studio Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21566
MISC
adobe — photoshop Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21574
MISC
adobe — photoshop Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21575
MISC
adobe — photoshop Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21576
MISC
adobe — framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21619
MISC
adobe — framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21621
MISC
adobe — framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-21622
MISC
microsoft — multiple_products NT OS Kernel Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21688
MISC
microsoft — sql_server Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21704
MISC
microsoft — sql_server Microsoft SQL ODBC Driver Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21718
MISC
microsoft — windows_server_2008 Windows Installer Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21800
MISC
microsoft — multiple_products Microsoft PostScript Printer Driver Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21801
MISC
microsoft — multiple_products Windows Media Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21802
MISC
microsoft — multiple_products Windows Graphics Component Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21804
MISC
microsoft — multiple_products Windows MSHTML Platform Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21805
MISC
microsoft — multiple_products .NET and Visual Studio Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21808
MISC
microsoft — defender_security_intelligence_updates Microsoft Defender for Endpoint Security Feature Bypass Vulnerability 2023-02-14 7.8 CVE-2023-21809
MISC
microsoft — multiple_products Windows Common Log File System Driver Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21812
MISC
microsoft — multiple_products Windows Kerberos Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21817
MISC
microsoft — multiple_products Windows Graphics Component Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-21822
MISC
microsoft — multiple_products Windows Graphics Component Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-21823
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22226
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22227
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22228
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22229
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22230
MISC
adobe — premiere_rush Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22234
MISC
adobe — animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22236
MISC
adobe — after_affects After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22237
MISC
adobe — after_affects After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22238
MISC
adobe — after_affects After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22239
MISC
adobe — animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22243
MISC
adobe — premiere_rush Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22244
MISC
adobe — animate Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 7.8 CVE-2023-22246
MISC
microsoft — multiple_products Windows Common Log File System Driver Elevation of Privilege Vulnerability 2023-02-14 7.8 CVE-2023-23376
MISC
microsoft — 3d_builder 3D Builder Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-23377
MISC
microsoft — print_3d Print 3D Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-23378
MISC
microsoft — 3d_builder 3D Builder Remote Code Execution Vulnerability 2023-02-14 7.8 CVE-2023-23390
MISC
dell — alienware_command_center Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. 2023-02-10 7.8 CVE-2023-24569
MISC
wprealize — extensive_vc_addons_for_wpbakery_page_builder The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system. 2023-02-13 7.5 CVE-2023-0159
MISC
microsoft — azure_devops_server Azure DevOps Server Remote Code Execution Vulnerability 2023-02-14 7.5 CVE-2023-21553
MISC
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability 2023-02-14 7.5 CVE-2023-21691
MISC
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 2023-02-14 7.5 CVE-2023-21695
MISC
microsoft — multiple_products Windows iSCSI Discovery Service Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21700
MISC
microsoft — multiple_products Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21701
MISC
microsoft — multiple_products Windows iSCSI Service Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21702
MISC
microsoft — multiple_products Windows iSCSI Service Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21811
MISC
microsoft — multiple_products Windows Secure Channel Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21813
MISC
microsoft — multiple_products Windows Active Directory Domain Services API Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21816
MISC
microsoft — multiple_products Windows Secure Channel Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21818
MISC
microsoft — multiple_products Windows Secure Channel Denial of Service Vulnerability 2023-02-14 7.5 CVE-2023-21819
MISC
apache — nifi The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. 2023-02-10 7.5 CVE-2023-22832
MISC
MISC
microsoft — multiple_products Windows Distributed File System (DFS) Remote Code Execution Vulnerability 2023-02-14 7.4 CVE-2023-21820
MISC
microsoft — sql_server Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability 2023-02-14 7.3 CVE-2023-21568
MISC
microsoft — 365_apps_for_enterprise Microsoft Publisher Security Features Bypass Vulnerability 2023-02-14 7.3 CVE-2023-21715
MISC
microsoft — exchange_server_2016/exchange_server_2019 Microsoft Exchange Server Remote Code Execution Vulnerability 2023-02-14 7.2 CVE-2023-21710
MISC
microsoft — azure_devops_server Azure DevOps Server Cross-Site Scripting Vulnerability 2023-02-14 7.1 CVE-2023-21564
MISC
dell — alienware_update Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. 2023-02-10 7.1 CVE-2023-23698
MISC
dell — command_|_monitor Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 2023-02-10 7.1 CVE-2023-24573
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
microsoft — multiple_products Windows Fax Service Remote Code Execution Vulnerability 2023-02-14 6.8 CVE-2023-21694
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. 2023-02-10 6.7 CVE-2022-34454
MISC
cozmoslabs — profile_builder The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited. 2023-02-14 6.5 CVE-2023-0814
MISC
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-02-14 6.5 CVE-2023-21572
MISC
microsoft — azure_data_box/azure_stack_edge Azure Data Box Gateway Remote Code Execution Vulnerability 2023-02-14 6.5 CVE-2023-21703
MISC
microsoft — onenote Microsoft OneNote Spoofing Vulnerability 2023-02-14 6.5 CVE-2023-21721
MISC
microsoft — azure_machine_learning Azure Machine Learning Compute Instance Information Disclosure Vulnerability 2023-02-14 6.5 CVE-2023-23382
MISC
microsoft — defender_for_iot Microsoft Defender for IoT Elevation of Privilege Vulnerability 2023-02-14 6.4 CVE-2023-23379
MISC
microsoft — multiple_products Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability 2023-02-14 6.2 CVE-2023-21697
MISC
farsight — provide_server Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. 2023-02-10 6.1 CVE-2023-23286
MISC
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-02-14 5.8 CVE-2023-21807
MISC
microsoft — multiple_products Microsoft PostScript Printer Driver Information Disclosure Vulnerability 2023-02-14 5.7 CVE-2023-21693
MISC
microsoft — visual_studio Visual Studio Denial of Service Vulnerability 2023-02-14 5.6 CVE-2023-21567
MISC
dell — r6515_firmware Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 2023-02-10 5.5 CVE-2022-34376
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 2023-02-13 5.5 CVE-2023-0795
MISC
CONFIRM
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 2023-02-13 5.5 CVE-2023-0796
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 2023-02-13 5.5 CVE-2023-0797
MISC
MISC
CONFIRM
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 2023-02-13 5.5 CVE-2023-0798
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 2023-02-13 5.5 CVE-2023-0799
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 2023-02-13 5.5 CVE-2023-0800
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 2023-02-13 5.5 CVE-2023-0801
MISC
MISC
CONFIRM
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 2023-02-13 5.5 CVE-2023-0802
CONFIRM
MISC
MISC
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 2023-02-13 5.5 CVE-2023-0803
MISC
MISC
CONFIRM
libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 2023-02-13 5.5 CVE-2023-0804
MISC
MISC
CONFIRM
adobe — photoshop Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21577
MISC
adobe — photoshop Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21578
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21583
MISC
adobe — framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21584
MISC
adobe — indesign Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21593
MISC
adobe — framemaker FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-21620
MISC

microsoft — server_2022/windows_11 HTTP.sys Information Disclosure Vulnerability 2023-02-14 5.5 CVE-2023-21687
MISC
microsoft — office/365_apps_for_enterprise Microsoft Office Information Disclosure Vulnerability 2023-02-14 5.5 CVE-2023-21714
MISC
adobe — bridge Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-22231
MISC
adobe — after_affects After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-02-17 5.5 CVE-2023-22233
MISC
pickplugins — product_slider_for_woocommerce The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0166
MISC
zohocorp — zoho_forms The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0169
MISC
wpdevart — social_like_box_and_page The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0177
MISC
yamaps_project — yamaps The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0270
MISC
tipsandtricks-hq — easy_accept_payments_for_paypal The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0275
MISC
templatesnext — templatesnext_toolkit The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0333
MISC
shapedplugin — location_weather The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0360
MISC
themify — portfolio_post Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0362
MISC
smartwp — lightweight_accordion The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0373
MISC
rebelcode — spotlight_social_feeds The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 5.4 CVE-2023-0379
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-02-14 5.4 CVE-2023-21570
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-02-14 5.4 CVE-2023-21571
MISC
microsoft — dynamics_365 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-02-14 5.4 CVE-2023-21573
MISC
huawei — e5573cs-322_firmware There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. 2023-02-10 5.3 CVE-2018-7935
MISC
microsoft — multiple_products Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability 2023-02-14 5.3 CVE-2023-21699
MISC
microsoft — edge Microsoft Edge (Chromium-based) Tampering Vulnerability 2023-02-14 5.3 CVE-2023-21720
MISC
adobe — connect Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. 2023-02-17 5.3 CVE-2023-22232
MISC
sierrawireless — aleos Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. 2023-02-10 4.9 CVE-2022-46650
MISC
MISC
MISC
dell — emc_powerscale_onefs Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. 2023-02-10 4.8 CVE-2022-33934
MISC
formwork_project — formwork A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. 2023-02-10 4.8 CVE-2023-24230
MISC
MISC
inventory_management_system_project — inventory_management_system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. 2023-02-10 4.8 CVE-2023-24231
MISC
MISC
inventory_management_system_project — inventory_management_system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. 2023-02-10 4.8 CVE-2023-24232
MISC
MISC
inventory_management_system_project — inventory_management_system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. 2023-02-10 4.8 CVE-2023-24233
MISC
MISC
inventory_management_system_project — inventory_management_system A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. 2023-02-10 4.8 CVE-2023-24234
MISC
MISC
microsoft — multiple_products .NET Framework Denial of Service Vulnerability 2023-02-14 4.4 CVE-2023-21722
MISC
gptaipower — gpt_ai_power The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. 2023-02-13 4.3 CVE-2023-0405
MISC
microsoft — edge Microsoft Edge (Chromium-based) Spoofing Vulnerability 2023-02-14 4.3 CVE-2023-21794
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user can exploit the issue and view sensitive information stored in the logs. 2023-02-10 2.7 CVE-2022-34452
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
walrusirc — walrusirc A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751. 2023-02-13 not yet calculated CVE-2015-10079
MISC
MISC
MISC
MISC

mozilla — fierfox_for_ios Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed. 2023-02-16 not yet calculated CVE-2019-17003
MISC

mozilla — fierfox_esr The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites. 2023-02-16 not yet calculated CVE-2020-12413
MISC
MISC
mvp-player — mvp An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. 2023-02-17 not yet calculated CVE-2020-19824
MISC
kimai2 — kimai2 Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges. 2023-02-15 not yet calculated CVE-2020-19825
MISC
MISC
kliqqi-cms — kliqqi-cms SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code. 2023-02-15 not yet calculated CVE-2020-21119
MISC
uqcms — uqcms SQL Injection vulnerability in file homecontrolscart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. 2023-02-15 not yet calculated CVE-2020-21120
MISC
MISC
online_doctor_appointment_booking_system — online_doctor_appointment_booking_system SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. 2023-02-17 not yet calculated CVE-2020-29168
MISC
MISC
MISC
kong — lua-multipart A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability. 2023-02-12 not yet calculated CVE-2020-36661
MISC
MISC
MISC
MISC
MISC
mozilla — bleach bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(…, attributes={'a': ['style']}). 2023-02-16 not yet calculated CVE-2020-6817
MISC
MISC
intel — 3rd_gen_intel_xeon_scalable_processor Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2021-0187
MISC

mozilla — bleach A mutation XSS affects users calling bleach.clean with all of: (1) svg or math in the allowed tags; (2) p or br in allowed tags; (3) style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; (4) the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True. 2023-02-16 not yet calculated CVE-2021-23980
MISC
MISC
vivo — frame_service The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. 2023-02-17 not yet calculated CVE-2021-26277
CONFIRM
phpfusion — phpfusion An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. 2023-02-17 not yet calculated CVE-2021-3172
MISC
MISC
libraw — libraw Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. 2023-02-17 not yet calculated CVE-2021-32142
MISC
MISC
MISC
MISC
mosn — mosn Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. 2023-02-17 not yet calculated CVE-2021-32163
MISC
MISC
schism_tracker — schism_tracker An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c. 2023-02-17 not yet calculated CVE-2021-32419
MISC
MISC
exponent-cms — exponent-cms SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. 2023-02-17 not yet calculated CVE-2021-32441
MISC
MISC
moby — hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has a call to `vc_cfgread` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. 2023-02-17 not yet calculated CVE-2021-32843
MISC
MISC
CONFIRM
moby — hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `vi_pci_write` has a call to `vc_cfgwrite` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13. 2023-02-17 not yet calculated CVE-2021-32844
MISC
MISC
CONFIRM
moby — hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. 2023-02-17 not yet calculated CVE-2021-32845
MISC
MISC
CONFIRM
moby — hyperkit HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to uninitialized memory use. In this situation, there is a check for the return value to be less than or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba. 2023-02-17 not yet calculated CVE-2021-32846
MISC
MISC
CONFIRM
intel — ofu_software Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2021-33104
MISC
saltstack — saltstack Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. 2023-02-17 not yet calculated CVE-2021-33226
MISC
ymfe — yapo Cross Site Scripting vulnerability in YMFE yapo v1.9.1 allows attacker to execute arbitrary code via the remark parameter of the interface edit page. 2023-02-17 not yet calculated CVE-2021-33237
MISC
virtualsquare — pictotcp Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. 2023-02-15 not yet calculated CVE-2021-33304
MISC
htacg — html_tidy An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. 2023-02-17 not yet calculated CVE-2021-33391
MISC
baijiacms — baijiacms Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. 2023-02-15 not yet calculated CVE-2021-33396
MISC
cms-corephp — cms-corephp SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login. 2023-02-15 not yet calculated CVE-2021-33925
MISC
plone — plone_cms An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed portlet. 2023-02-17 not yet calculated CVE-2021-33926
MISC
MISC
MISC
fantasticlbp — hotels_server SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. 2023-02-17 not yet calculated CVE-2021-33948
MISC
feminer — wms An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. 2023-02-17 not yet calculated CVE-2021-33949
MISC
openkm — document_management_system An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. 2023-02-17 not yet calculated CVE-2021-33950
MISC
MISC
MISC
dvidelabs — flatcc Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function. 2023-02-17 not yet calculated CVE-2021-33983
MISC
seopanel — seopanel SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. 2023-02-15 not yet calculated CVE-2021-34117
MISC
MISC
MISC
lizhifaka — lizhifaka Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. 2023-02-17 not yet calculated CVE-2021-34164
MISC
ttyd — ttyd An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. 2023-02-17 not yet calculated CVE-2021-34182
MISC
yupoxion — bearadmin File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. 2023-02-17 not yet calculated CVE-2021-35261
MISC
dataease — dataease SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. 2023-02-15 not yet calculated CVE-2021-38239
MISC
flatcore — flatcore-cms Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. 2023-02-16 not yet calculated CVE-2021-40555
MISC
fortinet — fortiweb Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. 2023-02-16 not yet calculated CVE-2021-42756
MISC
fortinet — fortiweb A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. 2023-02-16 not yet calculated CVE-2021-42761
MISC
fortinet — multiple_products An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. 2023-02-16 not yet calculated CVE-2021-43074
MISC
mozilla — thunderbird Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. 2023-02-16 not yet calculated CVE-2021-43529
MISC
mruby — mruby An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. 2023-02-14 not yet calculated CVE-2021-46023
MISC
mozilla — mozilla_pollbot There was an open redirection vulnerability in pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker could have redirected anyone to malicious sites. 2023-02-16 not yet calculated CVE-2022-0637
MISC
MISC
cisco — clamav A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 2023-02-17 not yet calculated CVE-2022-20803
CISCO
crypto — crypto_api_toolkit_for_intel_sgx Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-21163
MISC
intel — atom/xeon_scalable_processors Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. 2023-02-16 not yet calculated CVE-2022-21216
MISC
dell — emc_unity Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information. 2023-02-14 not yet calculated CVE-2022-22564
MISC
intel — oneapi_data_analytics_library/oneapi_base_toolkit Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-25905
MISC
glance — glance Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). 2023-02-13 not yet calculated CVE-2022-25937
MISC
MISC
usememos — memos All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. 2023-02-15 not yet calculated CVE-2022-25978
MISC
MISC
MISC
intel — c++_compiler_classic Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-25987
MISC
intel — oneapi_toolkits_oneapi-cli Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-25992
MISC
intel — distribution_for_python_programming_language_for_intel_oneapi_toolkits Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26032
MISC
intel — mpi_library_for_intel_oneapi_hpc_toolkit Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26052
MISC
intel — trace_analyzer_and_collector_for_intel_oneapi_hpc Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26062
MISC
intel — oneapi_deep_neural_network Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26076
MISC
fortinet — fortisandbox A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords. 2023-02-16 not yet calculated CVE-2022-26115
MISC
intel — multiple_products Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26343
MISC
intel — oneapi_toolkit_openmp Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26345
MISC
intel — dpc++/c++_compiler Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26421
MISC
intel — oneapi_collective_communications_library/oneapi_base_toolkit Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26425
MISC
intel — sgx_sdk Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-26509
MISC
intel — fpga_add-on_for_intel_oneapi_base_toolkit Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26512
MISC
intel — multiple_products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26837
MISC
intel — quartus_prime_pro_and_standard_editions Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-26840
MISC
intel — sgx_sdk_software_for_linux Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-26841
MISC
intel — dpc++/c++_compiler Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-26843
MISC
intel — quartus_prime_pro_and_standard_editions Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-26888
MISC
intel — media_sdk Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-27170
MISC
intel — computer_vision_annotation_tool Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access. 2023-02-16 not yet calculated CVE-2022-27234
MISC
fortinet — fortiadc An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. 2023-02-16 not yet calculated CVE-2022-27482
MISC
fortinet — fortiextender An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-02-16 not yet calculated CVE-2022-27489
MISC
intel — ethernet_controller_administrative_tools Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-27808
MISC
palantir — atlasdb It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution. 2023-02-16 not yet calculated CVE-2022-27890
MISC
palantir — gotham Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. 2023-02-16 not yet calculated CVE-2022-27891
MISC
palantir — gotham Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. 2023-02-16 not yet calculated CVE-2022-27892
MISC
palantir — gotham Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server. 2023-02-16 not yet calculated CVE-2022-27897
MISC
fortinet — fortios A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. 2023-02-16 not yet calculated CVE-2022-29054
MISC
integrated_bmc — integrated_bmc Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access. 2023-02-16 not yet calculated CVE-2022-29493
MISC
openbmc — openbmc Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. 2023-02-16 not yet calculated CVE-2022-29494
MISC
intel — sur Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-29514
MISC
intel — open_cas Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-29523
MISC
lexisnexis_firco_compliance_link — lexisnexis_firco_compliance_link LexisNexis Firco Compliance Link 3.7 allows CSRF. 2023-02-15 not yet calculated CVE-2022-29557
MISC
fortinet — fortiweb A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. 2023-02-16 not yet calculated CVE-2022-30299
MISC
fortinet — fortiweb A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. 2023-02-16 not yet calculated CVE-2022-30300
MISC
fortinet — fortiweb An improper neutralization of special elements used in an os command (‘OS Command Injection’) [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. 2023-02-16 not yet calculated CVE-2022-30303
MISC
fortinet — fortianalyzer An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. 2023-02-16 not yet calculated CVE-2022-30304
MISC
fortinet — fortiweb A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password. 2023-02-16 not yet calculated CVE-2022-30306
MISC
intel — integrated_sensor_solution Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-30339
MISC
intel — dsa Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-30530
MISC
intel — iris_xe max_drivers_for_windows Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-30531
MISC
intel — multiple_products Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-30539
MISC
intel — sur Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access. 2023-02-16 not yet calculated CVE-2022-30692
MISC
intel — multiple_products Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-30704
MISC
enocean — echelon_smartserver Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. 2023-02-13 not yet calculated CVE-2022-3089
MISC
intel — sur Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-31476
MISC
siemens — sipass_integrated_ac5102 A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. 2023-02-14 not yet calculated CVE-2022-31808
MISC
intel — multiple_products Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-32231
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32469
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32470
MISC
MISC
insyde — insydeh2o An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges. 2023-02-15 not yet calculated CVE-2022-32471
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32473
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32474
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code. 2023-02-15 not yet calculated CVE-2022-32475
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32476
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32477
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 2023-02-15 not yet calculated CVE-2022-32478
MISC
MISC

intel — quartus_prime_pro_and_standard_editions Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-32570
MISC
intel — trace_analyzer_and collector Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-32575
MISC
intel — dsa Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-32764
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. 2023-02-15 not yet calculated CVE-2022-32953
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. 2023-02-15 not yet calculated CVE-2022-32954
MISC
MISC
insyde — insydeh2o An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer. 2023-02-15 not yet calculated CVE-2022-32955
MISC
MISC
intel — sur Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-32971
MISC
infoblox — bloxone_endpoint_for_windows Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. 2023-02-17 not yet calculated CVE-2022-32972
MISC
MISC
intel — sur Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-33190
MISC
intel — xeon_processors_with_intel_software_guard_extensions Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-33196
MISC
fortinet — fortiwan An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 2023-02-16 not yet calculated CVE-2022-33869
MISC
fortinet — fortiweb A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations. 2023-02-16 not yet calculated CVE-2022-33871
MISC
intel — quartus_prime_pro_and_standard_editions Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-33892
MISC
intel — quartus_prime_pro_and_standard_editions Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-33902
MISC
intel — sur Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-33946
MISC
intel — sur Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-33964
MISC
intel — 3rd generation_xeon_scalable_processors Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-33972
MISC
gitlab — gitlab A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. 2023-02-13 not yet calculated CVE-2022-3411
MISC
MISC
CONFIRM
intel — battery_life_diagnostic_tool Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34153
MISC
intel — quartus_prime_pro_and_standard_editions Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34157
MISC
intel — media_sdk Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34346
MISC
ibm — qradar_siem IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. 2023-02-17 not yet calculated CVE-2022-34351
MISC
MISC
dell — unisphere_for_powermax Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. 2023-02-13 not yet calculated CVE-2022-34397
MISC
intel — media_sdk Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34841
MISC
intel — trace_analyzer_and collector Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34843
MISC
intel — iris_xe max_drivers_for_windows Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-34849
MISC
intel — sur Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34854
MISC
intel — trace_analyzer_and collector Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-34864
MISC
openbmc — openbmc Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow an unauthenticated user to potentially enable denial of service via network access. 2023-02-16 not yet calculated CVE-2022-35729
MISC
siemens — multiple_products A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. 2023-02-14 not yet calculated CVE-2022-35868
MISC
intel — media_sdk NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-35883
MISC
intel — battery_life_diagnostic_tool Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36278
MISC
intel — fcs_server Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. 2023-02-16 not yet calculated CVE-2022-36287
MISC
intel — media_sdk Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-36289
MISC
intel — sps_firmware Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36348
MISC
intel — qatzip Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36369
MISC
intel — multiple_products Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-36382
MISC
intel — qat_drivers_for_linux Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36397
MISC
intel — battery_life_diagnostic_tool Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36398
MISC
intel — ethernet_500_series_controller_drivers_for_vmware Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-36416
MISC
ibm — security verify access IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. 2023-02-17 not yet calculated CVE-2022-36775
MISC
MISC
intel — sps_firmware Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-36794
MISC
intel — ethernet_500_series_controller_drivers_for_vmware Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access. 2023-02-16 not yet calculated CVE-2022-36797
MISC
intel — quartus_prime_pro_and_standard_editions Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-37329
MISC
intel — qat_drivers_for_windows Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-37340
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service. 2023-02-13 not yet calculated CVE-2022-3759
MISC
CONFIRM
MISC
intel — ema Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. 2023-02-16 not yet calculated CVE-2022-38056
MISC
intel — multiple_products Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-38090
MISC
solarwinds — platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2023-02-15 not yet calculated CVE-2022-38111
MISC
MISC
fortinet — fortinac An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. 2023-02-16 not yet calculated CVE-2022-38375
MISC
fortinet — fortinac Multiple improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. 2023-02-16 not yet calculated CVE-2022-38376
MISC
fortinet — multiple_products An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. 2023-02-16 not yet calculated CVE-2022-38378
MISC

qaelum — dose Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server’s filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attacker’s machine. 2023-02-16 not yet calculated CVE-2022-38731
MISC
MISC
rttys — rttys SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code. 2023-02-15 not yet calculated CVE-2022-38867
MISC
ehoney — ehoney SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. 2023-02-15 not yet calculated CVE-2022-38868
MISC

wordpress — wordpress The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. 2023-02-13 not yet calculated CVE-2022-3891
MISC

niterforum — niterforum An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges. 2023-02-15 not yet calculated CVE-2022-38935
MISC

fortinet — multiple_products An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy). 2023-02-16 not yet calculated CVE-2022-39948
MISC
fortinet — fortinac An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request. 2023-02-16 not yet calculated CVE-2022-39952
MISC
fortinet — fortinac An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. 2023-02-16 not yet calculated CVE-2022-39954
MISC
ireader — media-server Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. 2023-02-15 not yet calculated CVE-2022-40016
MISC
qvidium_technologies — amino_a140 QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. 2023-02-17 not yet calculated CVE-2022-40021
MISC
microsemi — syncserver_s650 Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. 2023-02-13 not yet calculated CVE-2022-40022
MISC
MISC
MISC
MISC
sourcecodester — simple_task_managing_system SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in ‘username’ and ‘password’ parameters, allows attackers to execute arbitrary code and gain sensitive information. 2023-02-17 not yet calculated CVE-2022-40032
MISC
MISC
MISC
acer — aspire Stack overflow vulnerability in the Aspire E5-475G’s BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. 2023-02-16 not yet calculated CVE-2022-40080
MISC
MISC

ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. 2023-02-17 not yet calculated CVE-2022-40231
MISC
MISC

ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. 2023-02-17 not yet calculated CVE-2022-40232
MISC
MISC
intern_record_system — intern_record_system SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in ‘phone’, ‘email’, ‘deptType’ and ‘name’ parameters, allows attackers to execute arbitrary code and gain sensitive information. 2023-02-17 not yet calculated CVE-2022-40347
MISC
MISC
MISC
intern_record_system — intern_record_system Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in ‘name’ and ‘email’ parameters, allows attackers to execute arbitrary code. 2023-02-18 not yet calculated CVE-2022-40348
MISC
MISC
MISC

fortinet — fortinac Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. 2023-02-16 not yet calculated CVE-2022-40675
MISC

fortinet — fortinac An improper neutralization of argument delimiters in a command (‘argument injection’) in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted input parameters. 2023-02-16 not yet calculated CVE-2022-40677
MISC

fortinet — fortinac An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords. 2023-02-16 not yet calculated CVE-2022-40678
MISC
fortinet — fortiweb A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allow an attacker to execute unauthorized code or commands via specially crafted commands. 2023-02-16 not yet calculated CVE-2022-40683
MISC
optinlyhq — optinly Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions. 2023-02-13 not yet calculated CVE-2022-41134
MISC
intel — network_adapter_installer_software Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-16 not yet calculated CVE-2022-41314
MISC

fortinet — fortios An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the “redir” parameter of the URL seen when the “Sign in with FortiCloud” button is clicked. 2023-02-16 not yet calculated CVE-2022-41334
MISC

fortinet — multiple_products A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. 2023-02-16 not yet calculated CVE-2022-41335
MISC
gitlab — gitlab A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. 2023-02-13 not yet calculated CVE-2022-4138
CONFIRM
MISC
MISC

tibco — multiple_products The Hawk Console component of TIBCO Software Inc.’s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.’s TIBCO Hawk: versions 6.2.1 and below and TIBCO Operational Intelligence Hawk RedTail: versions 7.2.0 and below. 2023-02-14 not yet calculated CVE-2022-41564
CONFIRM
CONFIRM
intel — on_event_series_android_application Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. 2023-02-16 not yet calculated CVE-2022-41614
MISC
ibm — maximo_asset_management IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. 2023-02-17 not yet calculated CVE-2022-41734
MISC
MISC

asus — ec_tool_driver ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. 2023-02-15 not yet calculated CVE-2022-42455
MISC
fortinet — multiple_products An improper neutralization of CRLF sequences in HTTP headers (‘HTTP response splitting’) in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. 2023-02-16 not yet calculated CVE-2022-42472
MISC
apache — shenyu Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958. 2023-02-15 not yet calculated CVE-2022-42735
MISC

b&r-automation — system_diagnostics_manager A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user’s browser session. 2023-02-14 not yet calculated CVE-2022-4286
MISC

fujifilm — driver_distributor Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator’s credentials may be decrypted. 2023-02-13 not yet calculated CVE-2022-43460
MISC
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. 2023-02-14 not yet calculated CVE-2022-43469
MISC
ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. 2023-02-17 not yet calculated CVE-2022-43579
MISC
MISC

ibm — multiple_products IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to Information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. 2023-02-17 not yet calculated CVE-2022-43927
MISC
MISC

ibm — multiple_products IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted ‘Load’ command. IBM X-Force ID: 241676. 2023-02-17 not yet calculated CVE-2022-43929
MISC
MISC

ibm — multiple_products IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. 2023-02-17 not yet calculated CVE-2022-43930
MISC
MISC

fortinet — fortiportal An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices’ passwords in the audit log page. 2023-02-16 not yet calculated CVE-2022-43954
MISC
ricoh — mp_c4504ex Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. 2023-02-16 not yet calculated CVE-2022-43969
MISC
MISC

siteservercms — siteservercms SiteServerCMS 7.1.3 sscms has a file read vulnerability. 2023-02-16 not yet calculated CVE-2022-44299
MISC
wordpress — wordpress The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 2023-02-13 not yet calculated CVE-2022-4445
MISC
wordpress — wordpress The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4448
MISC
wordpress — wordpress The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4458
MISC
wordpress — wordpress The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4471
MISC
wordpress — wordpress The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4473
MISC
wordpress — wordpress The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4488
MISC
wordpress — wordpress The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4512
MISC
suse — multiple_products An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. 2023-02-15 not yet calculated CVE-2022-45153
CONFIRM
suse — multiple_products A Cleartext Storage of Sensitive Information vulnerability in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions. 2023-02-15 not yet calculated CVE-2022-45154
CONFIRM
ithacalabs — vsourz_digital Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). 2023-02-13 not yet calculated CVE-2022-45285
MISC
MISC
pandora_fms — artica Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). A user with manager privileges can create a network map whose name contains an XSS payload. Once it is created, the payload executes when an admin user clicks to edit network maps, which could be used to steal the admin user’s cookie value. 2023-02-15 not yet calculated CVE-2022-45436
CONFIRM
pandora_fms — artica Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Artica PFMS Pandora FMS v765 on all platforms allows Cross-Site Scripting (XSS). A user with edition privileges can create a payload in the reporting dashboard module. An admin user can observe the payload without interaction and the attacker can get information. 2023-02-15 not yet calculated CVE-2022-45437
CONFIRM
acronis — multiple_products Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. 2023-02-13 not yet calculated CVE-2022-45454
MISC
acronis — multiple_products Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. 2023-02-13 not yet calculated CVE-2022-45455
MISC
wordpress — wordpress The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2023-02-13 not yet calculated CVE-2022-4546
MISC
MISC
wordpress — wordpress The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4551
MISC

discuzx — discuzx Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. 2023-02-15 not yet calculated CVE-2022-45543
MISC
screencheck_badgemaker — screencheck_badgemaker Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. 2023-02-15 not yet calculated CVE-2022-45546
MISC

xpdfreader — xpdfreader Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. 2023-02-15 not yet calculated CVE-2022-45586
MISC

xpdfreader — xpdfreader Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. 2023-02-15 not yet calculated CVE-2022-45587
MISC
wordpress — wordpress The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4562
MISC
arris — router Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature. 2023-02-17 not yet calculated CVE-2022-45701
MISC
MISC
comfast — router Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. 2023-02-13 not yet calculated CVE-2022-45724
MISC
MISC
MISC
comfast — router Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request 2023-02-13 not yet calculated CVE-2022-45725
MISC
MISC
MISC
wordpress — wordpress The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4580
MISC

open_solutions_for_education — opensis_community_edition Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. 2023-02-13 not yet calculated CVE-2022-45962
MISC
MISC
MISC
CONFIRM
MISC
wordpress — wordpress The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4628
MISC
wordpress — wordpress The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 2023-02-13 not yet calculated CVE-2022-4656
MISC
wordpress — wordpress The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4678
MISC
wordpress — wordpress The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4682
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions. 2023-02-14 not yet calculated CVE-2022-46862
MISC
ampere_computing — multiple_products In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex. 2023-02-15 not yet calculated CVE-2022-46892
MISC
playsms — playsms A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. 2023-02-13 not yet calculated CVE-2022-47034
MISC
MISC
pandora_fms — console Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. 2023-02-15 not yet calculated CVE-2022-47372
CONFIRM
pandora_fms — console Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter lacks proper input validation/sanitization, resulting in execution of a malicious JavaScript payload. 2023-02-15 not yet calculated CVE-2022-47373
CONFIRM
wordpress — wordpress The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example. 2023-02-13 not yet calculated CVE-2022-4745
MISC
solarwinds — platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2023-02-15 not yet calculated CVE-2022-47503
MISC
MISC
solarwinds — platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2023-02-15 not yet calculated CVE-2022-47504
MISC
MISC
solarwinds — platform SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. 2023-02-15 not yet calculated CVE-2022-47506
MISC
MISC
solarwinds — platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 2023-02-15 not yet calculated CVE-2022-47507
MISC
MISC
solarwinds — platform Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. 2023-02-15 not yet calculated CVE-2022-47508
MISC
MISC
wordpress — wordpress The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4759
MISC
tianjie — cpe906-3 TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. 2023-02-16 not yet calculated CVE-2022-47703
MISC
wordpress — wordpress The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2022-4783
MISC
siemens — multiple_products A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2022-47936
MISC
siemens — multiple_products A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2022-47977
MISC
ibm — aspera_faspex IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. 2023-02-17 not yet calculated CVE-2022-47986
MISC
MISC
genymotion — desktop Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. 2023-02-13 not yet calculated CVE-2022-48077
MISC
MISC
jspreadsheet — jspreadsheet The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). 2023-02-17 not yet calculated CVE-2022-48115
MISC
MISC
wordpress — wordpress The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-13 not yet calculated CVE-2022-4830
MISC
palantir — gotham Improper Validation of Certificate with Host Mismatch vulnerability in the Gotham Chat IRC helper of Palantir Gotham. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242. 2023-02-16 not yet calculated CVE-2022-48306
MISC
palantir — magritte-ftp It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack. 2023-02-16 not yet calculated CVE-2022-48307
MISC
palantir — sls-logging It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. 2023-02-16 not yet calculated CVE-2022-48308
MISC
netgear — nighthawk_wifi_mesh NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. 2023-02-13 not yet calculated CVE-2022-48322
MISC
sunlogin — sunflower_simplified Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program. 2023-02-13 not yet calculated CVE-2022-48323
MISC
MISC
MISC
mapos — mapos
 
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) pesquisa, (2) data, (3) data2, (4) nome, (5) descricao, (6) idDocumentos, (7) id in file application/controllers/Arquivos.php; (8) senha, (9) nomeCliente, (10) contato, (11) documento, (12) telefone, (13) celular, (14) email, (15) rua, (16) numero, (17) complemento, (18) bairro, (19) cidade, (20) estado, (21) cep, (22) idClientes, (23) id in file application/controllers/Clientes.php; (24) id, (25) tipo, (26) forma_pagamento, (27) gateway_de_pagamento, (28) excluir_id, (29) confirma_id, (30) cancela_id in file application/controllers/Cobrancas.php; (31) vencimento_de, (32) vencimento_ate, (33) cliente, (34) tipo, (35) status, (36) valor_desconto, (37) desconto, (38) periodo, (39) per_page, (40) urlAtual, (41) vencimento, (42) recebimento, (43) valor, (44) recebido, (45) formaPgto, (46) desconto_parc, (47) entrada, (48) qtdparcelas_parc, (49) valor_parc, (50) dia_pgto, (51) dia_base_pgto, (52) comissao, (53) descricao_parc, (54) cliente_parc, (55) observacoes_parc, (56) formaPgto_parc, (57) tipo_parc, (58) pagamento, (59) pago, (60) valor_desconto_editar, (61) descricao, (62) fornecedor, (63) observacoes, (64) id in file application/controllers/Financeiro.php; (65) refGarantia, (66) textoGarantia, (67) idGarantias in file application/controllers/Garantias.php; (68) email, (69) senha in file application/controllers/Login.php. 2023-02-16 not yet calculated CVE-2022-48324
MISC
MISC
MISC
mapos — mapos
 
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php. 2023-02-16 not yet calculated CVE-2022-48325
MISC
MISC
MISC
mapos — mapos
 
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico, (14) aOs, (15) eOs, (16) dOs, (17) vOs, (18) aVenda, (19) eVenda, (20) dVenda, (21) vVenda, (22) aGarantia, (23) eGarantia, (24) dGarantia, (25) vGarantia, (26) aArquivo, (27) eArquivo, (28) dArquivo, (29) vArquivo, (30) aPagamento, (31) ePagamento, (32) dPagamento, (33) vPagamento, (34) aLancamento, (35) eLancamento, (36) dLancamento, (37) vLancamento, (38) cUsuario, (39) cEmitente, (40) cPermissao, (41) cBackup, (42) cAuditoria, (43) cEmail, (44) cSistema, (45) rCliente, (46) rProduto, (47) rServico, (48) rOs, (49) rVenda, (50) rFinanceiro, (51) aCobranca, (52) eCobranca, (53) dCobranca, (54) vCobranca, (55) situacao, (56) idPermissao, (57) id in file application/controllers/Permissoes.php; (58) precoCompra, (59) precoVenda, (60) descricao, (61) unidade, (62) estoque, (63) estoqueMinimo, (64) idProdutos, (65) id, (66) estoqueAtual in file application/controllers/Produtos.php. 2023-02-16 not yet calculated CVE-2022-48326
MISC
MISC
MISC
mapos — mapos
 
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) dataInicial, (2) dataFinal, (3) tipocliente, (4) format, (5) precoInicial, (6) precoFinal, (7) estoqueInicial, (8) estoqueFinal, (9) de_id, (10) ate_id, (11) clientes_id, (12) origem, (13) cliente, (14) responsavel, (15) status, (16) tipo, (17) situacao in file application/controllers/Relatorios.php; (18) preco, (19) nome, (20) descricao, (21) idServicos, (22) id in file application/controllers/Servicos.php; (23) senha, (24) permissoes_id, (25) idUsuarios, (26) situacao, (27) nome, (28) rg, (29) cpf, (30) cep, (31) rua, (32) numero, (33) bairro, (34) cidade, (35) estado, (36) email, (37) telefone, (38) celular in file application/controllers/Usuarios.php; (39) dataVenda, (40) observacoes, (41) observacoes_cliente, (42) clientes_id, (43) usuarios_id, (44) idVendas, (45) id, (46) idVendasProduto, (47) preco, (48) quantidade, (49) idProduto, (50) produto, (51) desconto, (52) tipoDesconto, (53) resultado, (54) vendas_id, (55) vencimento, (56) recebimento, (57) valor, (58) recebido, (59) formaPgto, (60) tipo in file application/controllers/Vendas.php; (61) situacao, (62) periodo, (63) vencimento_de, (64) vencimento_ate, (65) tipo, (66) status, (67) cliente in file application/views/financeiro/lancamentos.php; (68) year in file application/views/mapos/painel.php; (69) pesquisa in file application/views/os/os.php; (70) etiquetaCode in file application/views/relatorios/imprimir/imprimirEtiquetas.php. 2023-02-16 not yet calculated CVE-2022-48327
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability. 2023-02-13 not yet calculated CVE-2022-4905
MISC
MISC
MISC
MISC
MISC
sap_se — grc In SAP GRC (Process Control) – versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality. 2023-02-14 not yet calculated CVE-2023-0019
MISC
MISC
sap_se — businessobjects_business_intelligence_platform SAP BusinessObjects Business Intelligence platform – versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application. 2023-02-14 not yet calculated CVE-2023-0020
MISC
MISC
sap_se — solution_manager
 
SAP Solution Manager (BSP Application) – version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability. 2023-02-14 not yet calculated CVE-2023-0024
MISC
MISC
sap_se — solution_manager SAP Solution Manager (BSP Application) – version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. 2023-02-14 not yet calculated CVE-2023-0025
MISC
MISC
wordpress — wordpress The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2023-0034
MISC
wordpress — wordpress The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2023-0060
MISC
wordpress — wordpress The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2023-0061
MISC
wordpress — wordpress The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2023-0075
MISC
wordpress — wordpress The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and retrieve their content. RCE could also be achieved if the attacker manages to upload a malicious image containing PHP code and then include it via the affected attribute; on a default WP install, authors could easily achieve that given that they have the upload_file capability. 2023-02-13 not yet calculated CVE-2023-0080
MISC
wordpress — wordpress The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available to any authenticated user, leading to a SQL injection exploitable by low-privilege users such as subscribers. 2023-02-13 not yet calculated CVE-2023-0098
MISC
wordpress — wordpress The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-02-13 not yet calculated CVE-2023-0099
MISC
ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. 2023-02-15 not yet calculated CVE-2023-0102
MISC
ls_electric — xbc-dn32u If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition. 2023-02-15 not yet calculated CVE-2023-0103
MISC
wordpress — wordpress The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-13 not yet calculated CVE-2023-0151
MISC
gnutls — gnutls A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. 2023-02-15 not yet calculated CVE-2023-0361
MISC
MISC
MISC
MLIST
hashicorp — gogetter HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. 2023-02-16 not yet calculated CVE-2023-0475
MISC
resteasy — resteasy In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. 2023-02-17 not yet calculated CVE-2023-0482
MISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. 2023-02-13 not yet calculated CVE-2023-0518
CONFIRM
MISC
MISC
php — php In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification. 2023-02-16 not yet calculated CVE-2023-0568
MISC
sonicwall — email_security SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. 2023-02-14 not yet calculated CVE-2023-0655
CONFIRM
php — php In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. 2023-02-16 not yet calculated CVE-2023-0662
MISC
multiple_vendors — inverter A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. 2023-02-13 not yet calculated CVE-2023-0808
MISC
MISC
MISC
btcpayserver — btcpayserver Cross-site Scripting (XSS) – Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. 2023-02-13 not yet calculated CVE-2023-0810
CONFIRM
MISC

gpac — gpac

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. 2023-02-13 not yet calculated CVE-2023-0817
MISC
CONFIRM

gpac — gpac

Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. 2023-02-13 not yet calculated CVE-2023-0818
MISC
CONFIRM

gpac — gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. 2023-02-13 not yet calculated CVE-2023-0819
MISC
CONFIRM

hashicorp — multiple_products

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. 2023-02-16 not yet calculated CVE-2023-0821
MISC

delta_electronics — dianergie

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. 2023-02-17 not yet calculated CVE-2023-0822
MISC

pimcore — pimcore

Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 1.5.17. 2023-02-14 not yet calculated CVE-2023-0827
MISC
CONFIRM

easynas — easynas

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability. 2023-02-14 not yet calculated CVE-2023-0830
MISC
MISC
MISC

phpcrazy — phpcrazy

A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. 2023-02-15 not yet calculated CVE-2023-0840
MISC
MISC
MISC

gpac — gpac

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087. 2023-02-15 not yet calculated CVE-2023-0841
MISC
MISC
MISC

netgear — wndr3700v2

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. 2023-02-15 not yet calculated CVE-2023-0848
MISC
MISC

netgear — wndr3700v2

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. 2023-02-15 not yet calculated CVE-2023-0849
MISC
MISC

netgear — wndr3700v2

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. 2023-02-15 not yet calculated CVE-2023-0850
MISC
MISC

modoboa — modoboa-installer

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. 2023-02-16 not yet calculated CVE-2023-0860
CONFIRM
MISC
netmodule — nsrw NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. 2023-02-16 not yet calculated CVE-2023-0861
MISC
MISC

netmodule — nsrw

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. 2023-02-16 not yet calculated CVE-2023-0862
MISC
MISC

gpac — gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. 2023-02-16 not yet calculated CVE-2023-0866
CONFIRM
MISC

froxlor — froxlor

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. 2023-02-17 not yet calculated CVE-2023-0877
CONFIRM
MISC

nuxt — nuxt

Cross-site Scripting (XSS) – Generic in GitHub repository nuxt/framework prior to 3.2.1. 2023-02-17 not yet calculated CVE-2023-0878
MISC
CONFIRM

btcpayserver — btcpay_server

Cross-site Scripting (XSS) – Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. 2023-02-17 not yet calculated CVE-2023-0879
CONFIRM
MISC
phpmyfaq — phpmyfaq Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 2023-02-17 not yet calculated CVE-2023-0880
MISC
CONFIRM

kron_technologies — kron_tech_single_connect

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. 2023-02-17 not yet calculated CVE-2023-0882
MISC
MISC

sourcecodester — online_pizza_ordering_system

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221350 is the identifier assigned to this vulnerability. 2023-02-17 not yet calculated CVE-2023-0883
MISC
MISC
MISC

tftpd64 — tftpd64

A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351. 2023-02-17 not yet calculated CVE-2023-0887
MISC
MISC

wordpress — wordpress

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2023-02-17 not yet calculated CVE-2023-0895
MISC
MISC

pixelfed — pixelfed

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. 2023-02-18 not yet calculated CVE-2023-0901
CONFIRM
MISC

sourcecodester — simple_food_ordering_system

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. 2023-02-18 not yet calculated CVE-2023-0902
MISC
MISC
MISC

sourcecodester — employee_task_management_system

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. 2023-02-18 not yet calculated CVE-2023-0903
MISC
MISC
MISC

sourcecodester — employee_task_management_system

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability. 2023-02-18 not yet calculated CVE-2023-0904
MISC
MISC
MISC

sourcecodester — employee_task_management_system

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. 2023-02-18 not yet calculated CVE-2023-0905
MISC
MISC
MISC
sourcecodester — online_pizza_ordering_system A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. 2023-02-18 not yet calculated CVE-2023-0906
MISC
MISC

filseclab — twister_antivirus

A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456. 2023-02-18 not yet calculated CVE-2023-0907
MISC
MISC
MISC

xoslab — easy_file_locker

A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability. 2023-02-18 not yet calculated CVE-2023-0908
MISC
MISC
MISC

snyk — cxasm/notepad

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475. 2023-02-18 not yet calculated CVE-2023-0909
MISC
MISC
MISC

sourcecodester — online_pizza_ordering_system

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_prod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-221476. 2023-02-18 not yet calculated CVE-2023-0910
MISC
MISC

sourcecodester — auto_dealer_management_system

A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability. 2023-02-18 not yet calculated CVE-2023-0912
MISC
MISC
MISC

sourcecodester — auto_dealer_management_system

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221482 is the identifier assigned to this vulnerability. 2023-02-18 not yet calculated CVE-2023-0913
MISC
MISC
MISC
google — androidmanifest.xml In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244216503. 2023-02-15 not yet calculated CVE-2023-20927
MISC
google — multiple_products In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-259323133. References: N/A. 2023-02-15 not yet calculated CVE-2023-20949
MISC

jtekt_electronics_corporation — screen_creator_advance_2

Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22345
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22346
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22347
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22349
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22350
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22353
MISC
MISC
MISC

jtekt_electronics_corporation — screen_creator_advance_2 Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-02-13 not yet calculated CVE-2023-22360
MISC
MISC
MISC
akindo_sushiro_company_limited — sushiro_app_for_android SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1 2023-02-13 not yet calculated CVE-2023-22362
MISC
MISC
MISC
MISC
MISC
MISC
betrend_corporation/ichiran_incorporated — ichiran_app_for_ios/ichiran_app_for_android Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. 2023-02-13 not yet calculated CVE-2023-22367
MISC
MISC
MISC

elecom — multiple_products Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2023-02-15 not yet calculated CVE-2023-22368
MISC
MISC
fujitsu_limited — tsclinical_define.xml_generator_and_tsclinical_metadata_desktop_tools Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file. 2023-02-15 not yet calculated CVE-2023-22377
MISC
MISC
github — enterprise_server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program. 2023-02-16 not yet calculated CVE-2023-22380
MISC
git — git Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim’s filesystem within the malicious repository’s working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. 2023-02-14 not yet calculated CVE-2023-22490
MISC
MISC
MISC
feathers-sequalize — sequelize.js Due to improper attribute filtering in the sequelize js library, an attacker can perform SQL injections. 2023-02-16 not yet calculated CVE-2023-22578
MISC
MISC
feathers-sequalize — sequelize.js Due to improper parameter filtering in the sequelize js library, an attacker can perform injection. 2023-02-16 not yet calculated CVE-2023-22579
MISC
MISC
feathers-sequalize — sequelize.js Due to improper input filtering in the sequelize js library, malicious queries can lead to sensitive information disclosure. 2023-02-16 not yet calculated CVE-2023-22580
MISC
MISC

south_river_technologies — titan_ftp An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server’s filesystem. 2023-02-14 not yet calculated CVE-2023-22629
MISC
MISC
MISC

fortinet — fortinac Several improper neutralization of inputs during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. 2023-02-16 not yet calculated CVE-2023-22638
MISC
git_for_windows — git_for_windows Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting a DLL and putting it into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it. 2023-02-14 not yet calculated CVE-2023-22743
MISC
MISC
MISC
MISC
MISC
MISC

ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC’s mode arbitrarily. 2023-02-15 not yet calculated CVE-2023-22803
MISC

ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device. 2023-02-15 not yet calculated CVE-2023-22804
MISC

ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. 2023-02-15 not yet calculated CVE-2023-22805
MISC

ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials. 2023-02-15 not yet calculated CVE-2023-22806
MISC

ls_electric — xbc-dn32u LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. 2023-02-15 not yet calculated CVE-2023-22807
MISC

mitel — micontact_center_business_server The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information. 2023-02-13 not yet calculated CVE-2023-22854
MISC
MISC
mlog_mcc — mlog_mcc Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. 2023-02-15 not yet calculated CVE-2023-22855
MISC
FULLDISC
MISC

ibm — aspera_faspex IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. 2023-02-17 not yet calculated CVE-2023-22868
MISC
MISC

splunk — enterprise In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. 2023-02-14 not yet calculated CVE-2023-22931
MISC
MISC
splunk — enterprise In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. 2023-02-14 not yet calculated CVE-2023-22932
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag. The vulnerability affects instances with Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22933
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards) using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. The vulnerability affects instances with Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22934
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22935
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. 2023-02-14 not yet calculated CVE-2023-22936
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. For more information on lookup table files, see [About lookups](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions). 2023-02-14 not yet calculated CVE-2023-22937
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. 2023-02-14 not yet calculated CVE-2023-22938
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22939
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’, ‘mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22940
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd). 2023-02-14 not yet calculated CVE-2023-22941
MISC
MISC
splunk — enterprise In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled. 2023-02-14 not yet calculated CVE-2023-22942
MISC
MISC
splunk — multiple_products In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly. 2023-02-14 not yet calculated CVE-2023-22943
MISC
espcms — p8.21120101 An issue was discovered in ESPCMS P8.21120101. After logging in to the background, there is a SQL injection vulnerability in the function node where members are added. 2023-02-17 not yet calculated CVE-2023-23007
MISC
totolink — a720r_v4.1.5cu.532_b20210610 TOTOLINK A720R V4.1.5cu.532_B20210610 is vulnerable to Incorrect Access Control. 2023-02-17 not yet calculated CVE-2023-23064
MISC
canteen_management_system — canteen_management_system Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. 2023-02-17 not yet calculated CVE-2023-23279
MISC
sunell — dvr Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. 2023-02-15 not yet calculated CVE-2023-23458
MISC
priority — windows Priority Windows may allow Command Execution via SQL Injection using an unspecified method. 2023-02-15 not yet calculated CVE-2023-23459
MISC
priority — web Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. 2023-02-15 not yet calculated CVE-2023-23460
MISC
libpeconv — libpeconv Libpeconv – access violation, before commit b076013 (30/11/2022). 2023-02-15 not yet calculated CVE-2023-23461
MISC
libpeconv — libpeconv Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). 2023-02-15 not yet calculated CVE-2023-23462
MISC
sunell — dvr Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. 2023-02-15 not yet calculated CVE-2023-23463
MISC
media_cp — control_panel Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure. 2023-02-15 not yet calculated CVE-2023-23464
MISC
media_cp — control_panel Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint. 2023-02-15 not yet calculated CVE-2023-23465
MISC
media_cp — control_panel Media CP Media Control Panel latest version. Insufficiently protected credential change. 2023-02-15 not yet calculated CVE-2023-23466
MISC
media_cp — control_panel Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint. 2023-02-15 not yet calculated CVE-2023-23467
MISC
control_by_web — x-600m_devices Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. 2023-02-13 not yet calculated CVE-2023-23551
MISC
control_by_web — x-400m_devices Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker. 2023-02-13 not yet calculated CVE-2023-23553
MISC
eternal_terminal — eternal_terminal In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. 2023-02-16 not yet calculated CVE-2023-23558
MISC
MISC
MLIST
linux — kernel Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring’s io_worker threads, thus it is possible to insert a time namespace’s vvar page to process’s memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process’ memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring 2023-02-17 not yet calculated CVE-2023-23586
MISC
MISC
git_for_windows — git Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI’s “Visualize History” functionality) in clones of untrusted repositories. 2023-02-14 not yet calculated CVE-2023-23618
MISC
MISC
MISC
MISC
dell — secure_connect_gateway Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information. 2023-02-17 not yet calculated CVE-2023-23695
MISC
dell — command Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 2023-02-13 not yet calculated CVE-2023-23697
MISC
joomla!_project — joomla!_cms An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. 2023-02-16 not yet calculated CVE-2023-23752
MISC
fortinet — fortiweb A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. 2023-02-16 not yet calculated CVE-2023-23778
MISC
fortinet — fortiweb Multiple improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. 2023-02-16 not yet calculated CVE-2023-23779
MISC
fortinet — fortiweb A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests. 2023-02-16 not yet calculated CVE-2023-23780
MISC
fortinet — fortiweb A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. 2023-02-16 not yet calculated CVE-2023-23781
MISC
fortinet — fortiweb A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows an attacker to escalate privileges via specifically crafted arguments to existing commands. 2023-02-16 not yet calculated CVE-2023-23782
MISC
fortinet — fortiweb A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments. 2023-02-16 not yet calculated CVE-2023-23783
MISC
fortinet — fortiweb A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows information disclosure to an attacker via specially crafted web requests. 2023-02-16 not yet calculated CVE-2023-23784
MISC
siemens — mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.10), Mendix Applications using Mendix 9 (V9.18) (All versions < V9.18.4), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.15). Some of the Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information using XPath queries that trigger errors. 2023-02-14 not yet calculated CVE-2023-23835
MISC
solarwinds — platform SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. 2023-02-15 not yet calculated CVE-2023-23836
MISC
MISC
synopsys — jenkins_coverity_plugin A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-02-15 not yet calculated CVE-2023-23847
CONFIRM
CONFIRM
synopsys — jenkins_coverity_plugin Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-02-15 not yet calculated CVE-2023-23848
CONFIRM
CONFIRM
synopsys — jenkins_coverity_plugin A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2023-02-15 not yet calculated CVE-2023-23850
CONFIRM
CONFIRM
sap_se — business_planning_and_consolidation SAP Business Planning and Consolidation – versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. 2023-02-14 not yet calculated CVE-2023-23851
MISC
MISC
sap_se — solution_manager SAP Solution Manager (System Monitoring) – version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2023-02-14 not yet calculated CVE-2023-23852
MISC
MISC
sap_se — netweaver_application_server_for_abap_and_abap_platform An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform – versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. 2023-02-14 not yet calculated CVE-2023-23853
MISC
MISC
sap_se — netweaver_application_server_for_abap_and_abap_platform SAP NetWeaver Application Server for ABAP and ABAP Platform – versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2023-02-14 not yet calculated CVE-2023-23854
MISC
MISC
sap_se — solution_manager SAP Solution Manager – version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. 2023-02-14 not yet calculated CVE-2023-23855
MISC
MISC
sap_se — businessobjects_business_intelligence In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) – version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. 2023-02-14 not yet calculated CVE-2023-23856
MISC
MISC
sap_se — netweaver_application_server_for_abap_and_abap_platform Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform – versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application. 2023-02-14 not yet calculated CVE-2023-23858
MISC
MISC
sap_se — netweaver_application_server_for_abap_and_abap_platform SAP NetWeaver AS for ABAP and ABAP Platform – versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information. 2023-02-14 not yet calculated CVE-2023-23859
MISC
MISC
sap_se — netweaver_application_server_for_abap_and_abap_platform SAP NetWeaver AS for ABAP and ABAP Platform – versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. 2023-02-14 not yet calculated CVE-2023-23860
MISC
MISC
hasthemes — extensions_for_cf7 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. 2023-02-17 not yet calculated CVE-2023-23899
MISC
moodle — moodle A vulnerability was found in Moodle, which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. 2023-02-17 not yet calculated CVE-2023-23921
MISC
MISC
MISC
moodle — moodle A vulnerability was found in Moodle, which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. 2023-02-17 not yet calculated CVE-2023-23922
MISC
MISC
MISC
moodle — moodle A vulnerability was found in Moodle, which exists due to insufficient limitations on the “start page” preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. 2023-02-17 not yet calculated CVE-2023-23923
MISC
MISC
MISC
apoc — apoc APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities can be used to read local files, send HTTP requests, and perform denial-of-service attacks on the application. Abusing the XXE vulnerability enabled assessors to read local files remotely, although with the level of privileges assessors had this was limited to one-line files. With the ability to write to the database, any file could have been read. Additionally, assessors noted, with local testing, the server could be crashed by passing in improperly formatted XML. The minimum version containing a patch for this vulnerability is 5.5.0. Those who cannot upgrade the library can control the allowlist of the procedures that can be used in your system. 2023-02-16 not yet calculated CVE-2023-23926
MISC
MISC
MISC
MISC
werkzeug — werkzeug Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. 2023-02-14 not yet calculated CVE-2023-23934
MISC
MISC
MISC
undici — undici Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing it to undici. 2023-02-16 not yet calculated CVE-2023-23936
MISC
MISC
MISC
MISC
git — git Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. 2023-02-14 not yet calculated CVE-2023-23946
MISC
MISC
argo_cd — argo_cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. Either modify the RBAC configuration to completely revoke all `clusters, update` access, or use the `destinations` and `clusterResourceWhitelist` fields to apply similar restrictions as the `namespaces` and `clusterResources` fields. 2023-02-16 not yet calculated CVE-2023-23947
MISC
MISC
owncloud — android_app The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. 2023-02-13 not yet calculated CVE-2023-23948
MISC
fuguhub — fuguhub Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. 2023-02-17 not yet calculated CVE-2023-24078
MISC
chikoi — chikoi ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. 2023-02-13 not yet calculated CVE-2023-24084
MISC
slims — slims SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. 2023-02-13 not yet calculated CVE-2023-24086
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. 2023-02-14 not yet calculated CVE-2023-24159
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. 2023-02-14 not yet calculated CVE-2023-24160
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. 2023-02-14 not yet calculated CVE-2023-24161
MISC

ureport2 — ureport2

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. 2023-02-14 not yet calculated CVE-2023-24187
MISC
MISC
MISC

ureport2 — ureport2

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. 2023-02-13 not yet calculated CVE-2023-24188
MISC
MISC
MISC

luckyframeweb — luckyframeweb

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. 2023-02-17 not yet calculated CVE-2023-24219
MISC

luckyframeweb — luckyframeweb

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. 2023-02-17 not yet calculated CVE-2023-24220
MISC

luckyframeweb — luckyframeweb

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. 2023-02-17 not yet calculated CVE-2023-24221
MISC

totolink — a7100ru

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. 2023-02-16 not yet calculated CVE-2023-24236
MISC

totolink — a7100ru

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. 2023-02-16 not yet calculated CVE-2023-24238
MISC

python — python

An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. 2023-02-17 not yet calculated CVE-2023-24329
MISC
MISC

ujcms — ujcms

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. 2023-02-17 not yet calculated CVE-2023-24369
MISC

wordpress — wordpress

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. 2023-02-14 not yet calculated CVE-2023-24377
MISC

wordpress — wordpress

Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. 2023-02-14 not yet calculated CVE-2023-24382
MISC

wordpress — wordpress

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). 2023-02-17 not yet calculated CVE-2023-24388
MISC

siemens — multiple_products

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). The cache validation service in COMOS is vulnerable to a Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause a denial of service condition. 2023-02-14 not yet calculated CVE-2023-24482
MISC

citrix — multiple_products

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. 2023-02-16 not yet calculated CVE-2023-24483
MISC

citrix — multiple_products

A malicious user can cause log files to be written to a directory that they do not have permission to write to. 2023-02-16 not yet calculated CVE-2023-24484
MISC

citrix — multiple_products

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. 2023-02-16 not yet calculated CVE-2023-24485
MISC
netgear — prosafe_24_port_10/100_fs726tp An unspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. 2023-02-15 not yet calculated CVE-2023-24498
MISC
butterfly_button_plugin — butterfly_button_plugin Butterfly Button plugin may leave traces of its use on the user’s device. Since it is used for reporting domestic problems, this may lead to a spouse knowing about its use. 2023-02-15 not yet calculated CVE-2023-24499
MISC

sap_se — multiple_products

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. 2023-02-14 not yet calculated CVE-2023-24521
MISC
MISC

sap_se — multiple_products

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) – versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application. 2023-02-14 not yet calculated CVE-2023-24522
MISC
MISC

sap_se — multiple_products

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) – versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS command can read or modify any user or system data and can make the system unavailable. 2023-02-14 not yet calculated CVE-2023-24523
MISC
MISC

sap_se — multiple_products

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. 2023-02-14 not yet calculated CVE-2023-24524
MISC
MISC

sap_se — multiple_products

SAP CRM WebClient UI – versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application. 2023-02-14 not yet calculated CVE-2023-24525
MISC
MISC

sap_se — multiple_products

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) – version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. 2023-02-14 not yet calculated CVE-2023-24528
MISC
MISC
sap_se — netweaver_application_server_for_abap Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) – versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information. 2023-02-14 not yet calculated CVE-2023-24529
MISC
MISC
sap_se — multiple_products SAP BusinessObjects Business Intelligence Platform (CMC) – versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application, causing high impact on confidentiality, integrity and availability of the application. 2023-02-14 not yet calculated CVE-2023-24530
MISC
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24549
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24550
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24551
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24552
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24553
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24554
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24555
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24556
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24557
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24558
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24559
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24560
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24561
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24562
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-24563
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069) 2023-02-14 not yet calculated CVE-2023-24564
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428) 2023-02-14 not yet calculated CVE-2023-24565
MISC

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472) 2023-02-14 not yet calculated CVE-2023-24566
MISC

siemens — multiple_products

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 2023-02-13 not yet calculated CVE-2023-24572
MISC

django — django

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. 2023-02-15 not yet calculated CVE-2023-24580
MISC
MISC
MISC
MISC
MLIST

siemens — multiple_products

A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V2023Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425) 2023-02-14 not yet calculated CVE-2023-24581
MISC
redpanda — redpanda Redpanda before 22.3.12 discloses cleartext AWS credentials. The import functionality in the rpk binary logs an AWS Access Key ID and Secret in cleartext to standard output, allowing a local user to view the key in the console, or in Kubernetes logs if stdout output is collected. The fixed versions are 22.3.12, 22.2.10, and 22.1.12. 2023-02-13 not yet calculated CVE-2023-24619
MISC
food_ordering_system — food_ordering_system An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. 2023-02-13 not yet calculated CVE-2023-24646
MISC
food_ordering_system — food_ordering_system Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. 2023-02-13 not yet calculated CVE-2023-24647
MISC

zstore — zstore

Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. 2023-02-13 not yet calculated CVE-2023-24648
MISC
changedetection.io — changedetection.io Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the “Add a new change detection watch” function. 2023-02-17 not yet calculated CVE-2023-24769
MISC
MISC

peazip — peazip

An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. 2023-02-17 not yet calculated CVE-2023-24785
MISC
owncloud — android_app The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses. 2023-02-13 not yet calculated CVE-2023-24804
MISC
MISC
MISC
undici — undici Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available. 2023-02-16 not yet calculated CVE-2023-24807
MISC
MISC
MISC
MISC

nethack — nethack

NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the “C” (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds. 2023-02-17 not yet calculated CVE-2023-24809
MISC
MISC

ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 2023-02-17 not yet calculated CVE-2023-24960
MISC
MISC

ibm — infosphere_information_server

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. 2023-02-17 not yet calculated CVE-2023-24964
MISC
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788) 2023-02-14 not yet calculated CVE-2023-24978
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19789) 2023-02-14 not yet calculated CVE-2023-24979
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790) 2023-02-14 not yet calculated CVE-2023-24980
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791) 2023-02-14 not yet calculated CVE-2023-24981
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804) 2023-02-14 not yet calculated CVE-2023-24982
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805) 2023-02-14 not yet calculated CVE-2023-24983
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806) 2023-02-14 not yet calculated CVE-2023-24984
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807) 2023-02-14 not yet calculated CVE-2023-24985
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808) 2023-02-14 not yet calculated CVE-2023-24986
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809) 2023-02-14 not yet calculated CVE-2023-24987
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810) 2023-02-14 not yet calculated CVE-2023-24988
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811) 2023-02-14 not yet calculated CVE-2023-24989
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812) 2023-02-14 not yet calculated CVE-2023-24990
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813) 2023-02-14 not yet calculated CVE-2023-24991
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814) 2023-02-14 not yet calculated CVE-2023-24992
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815) 2023-02-14 not yet calculated CVE-2023-24993
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816) 2023-02-14 not yet calculated CVE-2023-24994
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817) 2023-02-14 not yet calculated CVE-2023-24995
MISC
siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818) 2023-02-14 not yet calculated CVE-2023-24996
MISC
nec — pc_settings_tool PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allow an attacker with standard user privileges to write to the registry with administrator privileges. 2023-02-15 not yet calculated CVE-2023-25011
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. 2023-02-14 not yet calculated CVE-2023-25065
MISC
foliovision — fv_flowplayer_video_player Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. 2023-02-14 not yet calculated CVE-2023-25066
MISC
siemens — parasolid/solid_edge A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V2210Update12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. 2023-02-14 not yet calculated CVE-2023-25140
MISC
MISC

apache — sling_jcr_base

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JNDI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK. 2023-02-14 not yet calculated CVE-2023-25141
MISC

timescaledb — timescaledb

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as a trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. 2023-02-14 not yet calculated CVE-2023-25149
MISC
MISC
MISC

containerd — containerd

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. 2023-02-16 not yet calculated CVE-2023-25153
MISC
MISC
MISC
MISC

kiwi_tcms — kiwi_tcms

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS. 2023-02-15 not yet calculated CVE-2023-25156
MISC
MISC
MISC
MISC
nextcloud — multiple_products Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available. 2023-02-13 not yet calculated CVE-2023-25159
MISC
MISC
MISC
MISC
nextcloud — mail
 
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available. 2023-02-13 not yet calculated CVE-2023-25160
MISC
MISC
MISC
nextcloud — server/enterprise_server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. 2023-02-13 not yet calculated CVE-2023-25161
MISC
MISC
MISC
nextcloud — server/enterprise_server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available. 2023-02-13 not yet calculated CVE-2023-25162
MISC
MISC
MISC

kiwi_tcms — kiwi_tcms

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible. 2023-02-15 not yet calculated CVE-2023-25171
MISC
MISC
MISC
MISC

containerd — containerd

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd’s client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. 2023-02-16 not yet calculated CVE-2023-25173
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

ami — megarac_spx

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. 2023-02-15 not yet calculated CVE-2023-25191
MISC

ami — megarac_spx

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. 2023-02-15 not yet calculated CVE-2023-25192
MISC

pimcore — pimcore

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. 2023-02-13 not yet calculated CVE-2023-25240
MISC
MISC

bgerp — bgerp

bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. 2023-02-13 not yet calculated CVE-2023-25241
MISC
MISC

gss_ntlmssp — gss_ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length, this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. 2023-02-14 not yet calculated CVE-2023-25563
MISC
MISC
MISC

gss_ntlmssp — gss_ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. 2023-02-14 not yet calculated CVE-2023-25564
MISC
MISC
MISC

gss_ntlmssp — gss_ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. 2023-02-14 not yet calculated CVE-2023-25565
MISC
MISC
MISC

gss_ntlmssp — gss_ntlmssp

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. 2023-02-14 not yet calculated CVE-2023-25566
MISC
MISC
MISC

gss_ntlmssp — gss_ntlmssp

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0. 2023-02-14 not yet calculated CVE-2023-25567
MISC
MISC
MISC

backstage — backstage

Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. In addition, the catalog model v0.12.4 and greater as well as the catalog backend v1.7.2 and greater now have additional validation built in that prevents `javascript:` URLs in known annotations. As a workaround, the general practice of limiting access to modifying catalog content and requiring code reviews greatly helps mitigate this vulnerability. 2023-02-14 not yet calculated CVE-2023-25571
MISC
MISC
react_admin — react_admin react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn’t sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand. 2023-02-13 not yet calculated CVE-2023-25572
MISC
MISC
MISC
MISC
MISC

fastify — fastify_multipart

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Prior to versions 7.4.1 and 6.0.1, @fastify/multipart may experience denial of service due to a number of situations in which an unlimited number of parts are accepted. This includes the multipart body parser accepting an unlimited number of file parts, the multipart body parser accepting an unlimited number of field parts, and the multipart body parser accepting an unlimited number of empty parts as field parts. This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). There are no known workarounds. 2023-02-14 not yet calculated CVE-2023-25576
MISC
MISC
MISC
MISC
MISC

werkzeug — werkzeug

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug’s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. 2023-02-14 not yet calculated CVE-2023-25577
MISC
MISC
MISC

tenable — starlite

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue. 2023-02-15 not yet calculated CVE-2023-25578
MISC
MISC
MISC

fortinet — fortiweb

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments. 2023-02-16 not yet calculated CVE-2023-25602
MISC
sap_se — netweaver_application_server_for_abap SAP NetWeaver AS ABAP (BSP Framework) application – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application. 2023-02-14 not yet calculated CVE-2023-25614
MISC
MISC

node-jose — node-jose

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default “fallback” crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the “fallback” crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run. 2023-02-16 not yet calculated CVE-2023-25653
MISC
MISC
ruckus_wireless — admin Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. 2023-02-13 not yet calculated CVE-2023-25717
MISC
MISC

connectwise — connectwise_control

The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provider, escalate privileges, or execute arbitrary commands in the context of the user. The attacker tampers with a trusted, signed executable in transit. 2023-02-13 not yet calculated CVE-2023-25718
MISC
MISC

connectwise — connectwise_control

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. 2023-02-13 not yet calculated CVE-2023-25719
MISC
MISC

haproxy — haproxy

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka “request smuggling.” The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. 2023-02-14 not yet calculated CVE-2023-25725
MISC
CONFIRM
MLIST
DEBIAN

phpmyadmin — phpmyadmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. 2023-02-13 not yet calculated CVE-2023-25727
MISC
onekey — touch/mini Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phrase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, “man-in-the-middle” does not refer to the attacker’s position on an IP network). NOTE: the vendor states that “our hardware team has updated the security patch without anyone being affected.” 2023-02-14 not yet calculated CVE-2023-25758
MISC
MISC
MISC
jenkins — junit_plugin_1166.va_436e268e972 Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. 2023-02-15 not yet calculated CVE-2023-25761
CONFIRM
MLIST

jenkins — pipeline_build_step_plugin

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. 2023-02-15 not yet calculated CVE-2023-25762
CONFIRM
MLIST

jenkins — email_extension_plugin

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. 2023-02-15 not yet calculated CVE-2023-25763
CONFIRM
MLIST

jenkins — email_extension_plugin

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. 2023-02-15 not yet calculated CVE-2023-25764
CONFIRM
MLIST

jenkins — email_extension_plugin

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 2023-02-15 not yet calculated CVE-2023-25765
CONFIRM
MLIST

jenkins — azure_credentials_plugin

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2023-02-15 not yet calculated CVE-2023-25766
CONFIRM
MLIST
jenkins — azure_credentials_plugin
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. 2023-02-15 not yet calculated CVE-2023-25767
CONFIRM
MLIST
jenkins — azure_credentials_plugin A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. 2023-02-15 not yet calculated CVE-2023-25768
CONFIRM
MLIST

craftercms — craftercms

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. 2023-02-17 not yet calculated CVE-2023-26020
MISC


Mozilla Releases Security Updates for Thunderbird 102.8

Original release date: February 17, 2023

Mozilla has released security updates to address vulnerabilities in Thunderbird 102.8. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisory for Thunderbird 102.8 for more information and apply the necessary updates.


CISA Releases Fifteen Industrial Control Systems Advisories

Original release date: February 16, 2023

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:


Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

Original release date: February 14, 2023

Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates.


Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

Original release date: February 14, 2023

Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix security bulletins CTX477618, CTX477617, and CTX477616 for more information and to apply the necessary updates.


Vulnerability Summary for the Week of February 6, 2023

Original release date: February 14, 2023

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
webfinance_project — webfinance A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. 2023-02-03 9.8 CVE-2013-10015
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. 2023-02-03 9.8 CVE-2013-10016
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. 2023-02-04 9.8 CVE-2013-10017
MISC
MISC
MISC
webfinance_project — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. 2023-02-04 9.8 CVE-2013-10018
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability. 2023-02-06 9.8 CVE-2014-125084
MISC
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability. 2023-02-06 9.8 CVE-2014-125085
MISC
MISC
MISC
MISC
gimmie_project — gimmie A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207. 2023-02-06 9.8 CVE-2014-125086
MISC
MISC
MISC
MISC
phpwcms — phpwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. 2023-02-03 9.8 CVE-2021-36424
MISC
jizhicms — jizhicms SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. 2023-02-03 9.8 CVE-2021-36484
MISC
native-php-cms_project — native-php-cms SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. 2023-02-03 9.8 CVE-2021-36503
MISC
pbootcms — pbootcms SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. 2023-02-03 9.8 CVE-2021-37497
MISC
MISC
zammad — zammad A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. 2023-02-03 9.8 CVE-2022-48021
MISC
calendar_event_management_system_project — calendar_event_management_system A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. 2023-02-03 9.8 CVE-2023-0663
MISC
MISC
MISC
online_eyewear_shop_project — online_eyewear_shop A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. 2023-02-04 9.8 CVE-2023-0673
MISC
MISC
mojojson_project — mojojson Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. 2023-02-03 9.8 CVE-2023-23086
MISC
mojojson_project — mojojson An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. 2023-02-03 9.8 CVE-2023-23087
MISC
json-parser_project — json-parser Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0 (fixed in v1.1.1) allows an attacker to execute arbitrary code via the json_value_parse function. 2023-02-03 9.8 CVE-2023-23088
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. 2023-02-03 9.8 CVE-2023-23477
MISC
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. 2023-02-03 9.8 CVE-2023-24138
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24139
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24140
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24141
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24142
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. 2023-02-03 9.8 CVE-2023-24143
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. 2023-02-03 9.8 CVE-2023-24144
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. 2023-02-03 9.8 CVE-2023-24145
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. 2023-02-03 9.8 CVE-2023-24146
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. 2023-02-03 9.8 CVE-2023-24148
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow. 2023-02-03 9.8 CVE-2023-24149
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24150
MISC
totolink — t8_firmware A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24151
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24152
MISC
totolink — t8_firmware A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24153
MISC
totolink — t8_firmware TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. 2023-02-03 9.8 CVE-2023-24154
MISC
totolink — t8_firmware TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. 2023-02-03 9.8 CVE-2023-24155
MISC
totolink — t8_firmware A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24156
MISC
totolink — t8_firmware A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 9.8 CVE-2023-24157
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. 2023-02-06 9.8 CVE-2023-24198
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. 2023-02-06 9.8 CVE-2023-24199
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. 2023-02-06 9.8 CVE-2023-24200
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. 2023-02-06 9.8 CVE-2023-24201
MISC
MISC
raffle_draw_system_project — raffle_draw_system Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. 2023-02-06 9.8 CVE-2023-24202
MISC
MISC
openssh — openssh OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states “remote code execution is theoretically possible.” 2023-02-03 9.8 CVE-2023-25136
MISC
MISC
MISC
MISC
MISC
MISC
gnu — glibc sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. 2023-02-03 9.8 CVE-2023-25139
MISC
MLIST
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. 2023-02-03 9.1 CVE-2021-36431
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. 2023-02-03 9.1 CVE-2021-36433
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. 2023-02-03 9.1 CVE-2021-36434
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. 2023-02-03 9.1 CVE-2022-22486
MISC
MISC
cloudfoundry — diego Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. 2023-02-03 9.1 CVE-2022-31733
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. 2023-02-03 9.1 CVE-2022-38389
MISC
MISC
phpwcms — phpwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. 2023-02-03 8.8 CVE-2021-36426
MISC
txjia — imcat Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. 2023-02-03 8.8 CVE-2021-36443
MISC
txjia — imcat Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. 2023-02-03 8.8 CVE-2021-36444
MISC
thedaylightstudio — fuel_cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. 2023-02-03 8.8 CVE-2021-36569
MISC
thedaylightstudio — fuel_cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2—. 2023-02-03 8.8 CVE-2021-36570
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. 2023-02-03 8.8 CVE-2022-47132
MISC
MISC
MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-02-04 8.8 CVE-2023-0671
CONFIRM
MISC
calendar_event_management_system_project — calendar_event_management_system A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. 2023-02-04 8.8 CVE-2023-0675
MISC
MISC
MISC
portfoliocms_project — portfoliocms Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. 2023-02-03 8.1 CVE-2021-36532
MISC
parseplatform — parse-server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn’t run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows a client to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. Correct IP address determination now requires setting the Parse Server option `trustProxy`. 2023-02-03 8.1 CVE-2023-22474
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45491
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45492
MISC
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45493
MISC
json.h_project — json.h Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 7.8 CVE-2022-45496
MISC
MISC
deltaww — cncsoft All versions prior to Delta Electronics’ CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. 2023-02-03 7.8 CVE-2022-4634
MISC
deltaww — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 7.8 CVE-2023-0123
MISC
deltaww — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 7.8 CVE-2023-0124
MISC
jocms_project — jocms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. 2023-02-03 7.5 CVE-2021-36432
MISC
xpdfreader — xpdf Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. 2023-02-03 7.5 CVE-2021-36493
MISC
tpcms_project — tpcms Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 7.5 CVE-2021-36544
MISC
kitesky — kitecms Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 7.5 CVE-2021-36546
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. 2023-02-03 7.5 CVE-2021-37304
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. 2023-02-03 7.5 CVE-2021-37305
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. 2023-02-03 7.5 CVE-2021-37306
MISC
fcitx_5_project — fcitx_5 Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application’s listening port. 2023-02-03 7.5 CVE-2021-37311
MISC
MISC
asus — rt-ac68u_firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. 2023-02-03 7.5 CVE-2021-37316
MISC
biltema — baby_camera_firmware Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. 2023-02-03 7.5 CVE-2022-34138
MISC
MISC
gin-vue-admin_project — gin-vue-admin In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. 2023-02-03 7.5 CVE-2022-47762
MISC
multilaser — re057_firmware A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. 2023-02-03 7.5 CVE-2023-0658
MISC
MISC
bdcom — 1704-wgl_firmware A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. 2023-02-03 7.5 CVE-2023-0659
MISC
MISC
totolink — ca300-poe_firmware TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. 2023-02-03 7.5 CVE-2023-24147
MISC
progress — ws_ftp_server In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. 2023-02-03 7.2 CVE-2023-24029
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
liballeg — allegro Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. 2023-02-03 6.5 CVE-2021-36489
MISC
modern_honey_network_project — modern_honey_network Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. 2023-02-03 6.5 CVE-2021-37234
MISC
xwp — stream The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information. 2023-02-06 6.5 CVE-2022-4384
MISC
nrel — api_umbrella_web A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. 2023-02-04 6.1 CVE-2015-10072
MISC
MISC
MISC
MISC
share_on_diaspora_project — share_on_diaspora A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204. 2023-02-06 6.1 CVE-2017-20176
MISC
MISC
MISC
vimium_project — vimium Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. 2023-02-03 6.1 CVE-2021-37518
MISC
MISC
wpswings — pdf_generator_for_wordpress The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin. 2023-02-06 6.1 CVE-2022-4321
MISC
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. 2023-02-04 6.1 CVE-2023-0676
MISC
CONFIRM
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 6.1 CVE-2023-0677
CONFIRM
MISC
apache — sling_cms An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6. 2023-02-04 6.1 CVE-2023-22849
MISC
jflyfox — jfinal_cms jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-02-03 6.1 CVE-2023-22975
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. 2023-02-06 6.1 CVE-2023-24191
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. 2023-02-06 6.1 CVE-2023-24192
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. 2023-02-06 6.1 CVE-2023-24194
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. 2023-02-06 6.1 CVE-2023-24195
MISC
MISC
online_food_ordering_system_project — online_food_ordering_system Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. 2023-02-06 6.1 CVE-2023-24197
MISC
MISC
cesanta — mjs Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. 2023-02-03 5.5 CVE-2021-36535
MISC
memcached — memcached Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. 2023-02-03 5.5 CVE-2021-37519
MISC
MISC
phpwcms — phpwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. 2023-02-03 5.4 CVE-2021-36425
MISC
gurock — testrail Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. 2023-02-03 5.4 CVE-2021-36538
MISC
tpcms_project — tpcms Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. 2023-02-03 5.4 CVE-2021-36545
MISC
yzmcms — yzmcms Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. 2023-02-03 5.4 CVE-2021-36712
MISC
MISC
automad — automad Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. 2023-02-03 5.4 CVE-2021-37502
MISC
wepanow — print_away WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. 2023-02-03 5.4 CVE-2022-42908
CONFIRM
CONFIRM
wepanow — print_away WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don’t own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. 2023-02-03 5.4 CVE-2022-42909
CONFIRM
CONFIRM
wp_show_posts_project — wp_show_posts The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 5.4 CVE-2022-4459
MISC
goldplugins — easy_testimonials The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 5.4 CVE-2022-4577
MISC
jellyfin — jellyfin In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 5.4 CVE-2023-23635
MISC
MISC
MISC
jellyfin — jellyfin In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 5.4 CVE-2023-23636
MISC
MISC
MISC
nomachine — nomachine An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. 2023-02-03 5.3 CVE-2022-48074
MISC
arraynetworks — arrayos_ag The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. 2023-02-03 4.9 CVE-2023-24613
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. 2023-02-03 4.8 CVE-2022-47131
MISC
MISC
MISC
MISC
MISC
kodi — kodi A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. 2023-02-03 4.6 CVE-2023-23082
MISC
MISC
MISC
MISC
MISC
google — android In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. 2023-02-06 4.4 CVE-2022-32595
MISC
creativeitem — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. 2023-02-03 4.3 CVE-2022-47130
MISC
MISC
MISC
zammad — zammad An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. 2023-02-03 4.3 CVE-2022-48022
MISC
zammad — zammad Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. 2023-02-03 4.3 CVE-2022-48023
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0684
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0685
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0711
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0712
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0713
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0715
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0716
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0717
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0718
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0719
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0720
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0722
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0723
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0724
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0725
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-08 4.3 CVE-2023-0726
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0727
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0728
MISC
MISC
MISC
wickedplugins — wicked_folders The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. 2023-02-07 4.3 CVE-2023-0730
MISC
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

weblabyrinth — weblabyrinth A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2011-10002
MISC
MISC
MISC
MISC
MISC

xpressengine — xpressengine A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The name of the patch is c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. 2023-02-07 not yet calculated CVE-2011-10003
MISC
MISC
MISC

tinymighty — wikiseo A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215. 2023-02-06 not yet calculated CVE-2015-10073
MISC
MISC
MISC
MISC
MISC
openseamap — online_chart A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2015-10074
MISC
MISC
MISC
MISC
MISC
custom-content-width — custom-content-width A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely. 2023-02-07 not yet calculated CVE-2015-10075
MISC
MISC
MISC

dimtion — shaarlier A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability. 2023-02-09 not yet calculated CVE-2015-10076
MISC
MISC
MISC
MISC
webbuilders-group — silverstripe-kapost-bridge A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. 2023-02-10 not yet calculated CVE-2015-10077
MISC
MISC
MISC
MISC
daschtour — matomo-mediawiki-extension A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203. 2023-02-05 not yet calculated CVE-2017-20175
MISC
MISC
MISC
MISC
MISC
wangguard — wangguard A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2017-20177
MISC
MISC
MISC
MISC
segmentio — is-url A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25079
MISC
MISC
MISC
MISC
MISC
mobiledetect — mobiledetect A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25080
MISC
MISC
MISC
MISC
MISC
huawei — e5573cs-322 There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. 2023-02-10 not yet calculated CVE-2018-7935
MISC
onshift — turbogears A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. 2023-02-04 not yet calculated CVE-2019-25101
MISC
MISC
MISC
MISC
MISC
paxswill — eve_ship_replacement_program A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. 2023-02-06 not yet calculated CVE-2020-36660
MISC
MISC
MISC
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31573
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31574
MISC
mediatek — en7528/en7580 In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. 2023-02-06 not yet calculated CVE-2021-31575
MISC
mediatek — en7528/en7580 In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31576
MISC
mediatek — en7528/en7580 In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31577
MISC
mediatek — en7528/en7580 In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. 2023-02-06 not yet calculated CVE-2021-31578
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 have a nobody account with a blank password. 2023-02-06 not yet calculated CVE-2021-36224
MISC
MISC
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. 2023-02-06 not yet calculated CVE-2021-36225
MISC
MISC
MISC
western digital — my_cloud_network_storage_devices Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. 2023-02-06 not yet calculated CVE-2021-36226
MISC
MISC
MISC
adminlte — adminlte Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. 2023-02-07 not yet calculated CVE-2021-36471
MISC
dogecoin_project — dogecoin_core An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. 2023-02-07 not yet calculated CVE-2021-37491
MISC
MISC
MISC
MISC
MISC

raven_project — ravencoin_core An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function. 2023-02-07 not yet calculated CVE-2021-37492
MISC
MISC
MISC
MISC
wordpress — wordpress The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting. 2023-02-08 not yet calculated CVE-2022-2094
MISC
johnson_controls — system_configuration_tool Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. 2023-02-09 not yet calculated CVE-2022-21939
MISC
MISC
johnson_controls — system_configuration_tool Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. 2023-02-09 not yet calculated CVE-2022-21940
MISC
MISC
opensuse — paste An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. 2023-02-07 not yet calculated CVE-2022-21948
CONFIRM
suse — rancher A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and kubectl access in the local cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-21953
CONFIRM
grafana — grafana Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. 2023-02-03 not yet calculated CVE-2022-23498
MISC
dell — cpg_bios Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. 2023-02-10 not yet calculated CVE-2022-24410
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4. 2023-02-03 not yet calculated CVE-2022-24894
MISC
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. 2023-02-03 not yet calculated CVE-2022-24895
MISC
MISC
MISC
MISC
terramaster — nas TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. 2023-02-07 not yet calculated CVE-2022-24990
MISC
MISC
MISC
MISC
semver-tags — semver-tags All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. 2023-02-06 not yet calculated CVE-2022-25853
MISC
MISC
create-choo-app3 — create-choo-app3 All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. 2023-02-06 not yet calculated CVE-2022-25855
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. 2023-02-06 not yet calculated CVE-2022-27628
MISC
caddy — caddy Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. 2023-02-06 not yet calculated CVE-2022-28923
MISC
wordpress — wordpress The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the ‘zeromk_user’ and ‘zeromk_apikluc’ parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-02-06 not yet calculated CVE-2022-2933
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. 2023-02-06 not yet calculated CVE-2022-29416
MISC
dahua_technology — multiple_products Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. 2023-02-09 not yet calculated CVE-2022-30564
MISC
suse — rancher An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. 2023-02-07 not yet calculated CVE-2022-31249
CONFIRM
suse — multiple_products An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. 2023-02-07 not yet calculated CVE-2022-31254
CONFIRM
nvidia — geforce_experience NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. 2023-02-07 not yet calculated CVE-2022-31611
MISC
unified_intents_ab — unified_remote Because the web management interface for Unified Intents’ Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker’s choosing. 2023-02-06 not yet calculated CVE-2022-3229
MISC
mediatek — multiple_products In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. 2023-02-06 not yet calculated CVE-2022-32642
MISC
mediatek — multiple_products In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. 2023-02-06 not yet calculated CVE-2022-32643
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. 2023-02-06 not yet calculated CVE-2022-32654
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. 2023-02-06 not yet calculated CVE-2022-32655
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. 2023-02-06 not yet calculated CVE-2022-32656
MISC
mediatek — multiple_products In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. 2023-02-06 not yet calculated CVE-2022-32663
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. 2023-02-10 not yet calculated CVE-2022-33934
MISC
ibm — api_connect IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. 2023-02-08 not yet calculated CVE-2022-34350
MISC
MISC
ibm — sterling_secure_proxy IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. 2023-02-08 not yet calculated CVE-2022-34362
MISC
MISC
dell — bsafe_ssl-j Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information. 2023-02-10 not yet calculated CVE-2022-34364
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-10 not yet calculated CVE-2022-34366
MISC
dell — poweredge_bios Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 2023-02-10 not yet calculated CVE-2022-34376
MISC
dell — poweredge_bios Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 2023-02-10 not yet calculated CVE-2022-34377
MISC
dell — multiple_products Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. 2023-02-11 not yet calculated CVE-2022-34384
MISC
dell — supportassist SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-11 not yet calculated CVE-2022-34385
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. 2023-02-11 not yet calculated CVE-2022-34386
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. 2023-02-11 not yet calculated CVE-2022-34387
MISC
dell — supportassist Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. 2023-02-11 not yet calculated CVE-2022-34388
MISC
dell — supportassist Dell SupportAssist contains a rate limit bypass issue in the screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. 2023-02-11 not yet calculated CVE-2022-34389
MISC
dell — supportassist SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which leads to reuse of the access token and fetching of sensitive information. 2023-02-11 not yet calculated CVE-2022-34392
MISC
dell — system_update Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. 2023-02-11 not yet calculated CVE-2022-34404
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. 2023-02-11 not yet calculated CVE-2022-34444
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. 2023-02-11 not yet calculated CVE-2022-34445
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. 2023-02-11 not yet calculated CVE-2022-34446
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. 2023-02-11 not yet calculated CVE-2022-34447
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. 2023-02-11 not yet calculated CVE-2022-34448
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue to view and modify sensitive information stored in the application. 2023-02-11 not yet calculated CVE-2022-34449
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. 2023-02-11 not yet calculated CVE-2022-34450
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server. 2023-02-11 not yet calculated CVE-2022-34451
MISC
dell — powerpath_management_appliance PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user is able to exploit the issue and view sensitive information stored in the logs. 2023-02-10 not yet calculated CVE-2022-34452
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. 2023-02-10 not yet calculated CVE-2022-34454
MISC
wordpress — wordpress The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘cli_path’ parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 2023-02-10 not yet calculated CVE-2022-3568
MISC
MISC
MISC
MISC
ibm — multiple_products IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. 2023-02-08 not yet calculated CVE-2022-35720
MISC
MISC
intel — oneapi_dpc++/c++_compiler Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-38136
MISC
zyxel — multiple_products A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands. 2023-02-07 not yet calculated CVE-2022-38547
CONFIRM
elastic — endpoint_security_for_windows An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. 2023-02-08 not yet calculated CVE-2022-38777
MISC
MISC
elastic — kibana A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. 2023-02-08 not yet calculated CVE-2022-38778
MISC
MISC
intel — oneapi_dpc++/c++_compiler Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-40196
MISC
moxa — sds-3008 A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40224
MISC
MISC
nordic_semiconductor — nrf5340-dk_dt100112 Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. 2023-02-08 not yet calculated CVE-2022-40480
MISC
moxa — sds-3008 An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40691
MISC
MISC
moxa — sds-3008 A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. 2023-02-07 not yet calculated CVE-2022-40693
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”webLocationMessage_text” name=”webLocationMessage_text” 2023-02-07 not yet calculated CVE-2022-41311
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”Switch Description”, name “switch_description” 2023-02-07 not yet calculated CVE-2022-41312
MISC
MISC
moxa — sds-3008 A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”switch_contact” 2023-02-07 not yet calculated CVE-2022-41313
MISC
MISC
intel — intelr_c++_compiler_classic Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. 2023-02-06 not yet calculated CVE-2022-41342
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. 2023-02-08 not yet calculated CVE-2022-41620
MISC
nvidia — geforce_experience NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. 2023-02-07 not yet calculated CVE-2022-42291
MISC
ibm — cloud_pak_for_multicloud_management_monitoring IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. 2023-02-08 not yet calculated CVE-2022-42438
MISC
MISC
ibm — app_connect_enterprise IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. 2023-02-06 not yet calculated CVE-2022-42439
MISC
MISC
couchbase_server — couchbase_server An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. 2023-02-06 not yet calculated CVE-2022-42950
MISC
MISC
MISC
couchbase_server — couchbase_server An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. 2023-02-06 not yet calculated CVE-2022-42951
MISC
MISC
MISC
openssl — openssl A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. 2023-02-08 not yet calculated CVE-2022-4304
MISC
tribe29 — checkmk Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable. 2023-02-09 not yet calculated CVE-2022-43440
MISC
zuken_elmic — multiple_products KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones. 2023-02-10 not yet calculated CVE-2022-43501
CONFIRM
JVN
jitsi — jitsi A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. 2023-02-09 not yet calculated CVE-2022-43550
MISC
curl — curl A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. 2023-02-09 not yet calculated CVE-2022-43552
MISC
suse — rancher An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43755
CONFIRM
suse — rancher An Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. 2023-02-07 not yet calculated CVE-2022-43756
CONFIRM
suse — rancher A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43757
CONFIRM
suse — rancher An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. 2023-02-07 not yet calculated CVE-2022-43758
CONFIRM
suse — rancher An Improper Privilege Management vulnerability in SUSE Rancher allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. 2023-02-07 not yet calculated CVE-2022-43759
CONFIRM
b&r_industrial_automation — b&r_aprol Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. 2023-02-08 not yet calculated CVE-2022-43761
MISC
b&r_industrial_automation — b&r_aprol Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages 2023-02-08 not yet calculated CVE-2022-43762
MISC
b&r_industrial_automation — b&r_aprol Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. 2023-02-08 not yet calculated CVE-2022-43763
MISC
b&r_industrial_automation — b&r_aprol Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. 2023-02-08 not yet calculated CVE-2022-43764
MISC
b&r_industrial_automation — b&r_aprol B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. 2023-02-08 not yet calculated CVE-2022-43765
MISC
monarch_printer_m9855 — monarch_printer_m9855 Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). 2023-02-10 not yet calculated CVE-2022-44261
MISC
MISC
imagemagick — imagemagick ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. 2023-02-06 not yet calculated CVE-2022-44267
MISC
MISC
imagemagick — imagemagick ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). 2023-02-06 not yet calculated CVE-2022-44268
MISC
MISC
crmeb — crmeb CRMEB 4.4.4 is vulnerable to Any File download. 2023-02-06 not yet calculated CVE-2022-44343
MISC
MISC
openssl — openssl The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the “name” (e.g. “CERTIFICATE”), any header data and the payload data. If the function succeeds then the “name_out”, “header” and “data” arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. 2023-02-08 not yet calculated CVE-2022-4450
MISC
activerecord’s_postgresql — activerecord’s_postgresql A denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. 2023-02-09 not yet calculated CVE-2022-44566
MISC
MISC
rack — rack A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. 2023-02-09 not yet calculated CVE-2022-44570
MISC
rack — rack There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. 2023-02-09 not yet calculated CVE-2022-44571
MISC
rack — rack A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. 2023-02-09 not yet calculated CVE-2022-44572
MISC
libxpm — libxpm A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. 2023-02-06 not yet calculated CVE-2022-44617
MISC
wordpress — wordpress The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 2023-02-06 not yet calculated CVE-2022-4489
MISC
dell — unisphere_for_powermax_vapp/solution_enabler_vapp Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execution of arbitrary commands on the underlying system. 2023-02-11 not yet calculated CVE-2022-45104
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. 2023-02-08 not yet calculated CVE-2022-45190
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. 2023-02-08 not yet calculated CVE-2022-45191
MISC
microchip_rn4870 — microchip_rn4870 An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. 2023-02-08 not yet calculated CVE-2022-45192
MISC
zyxel — nbg-418n A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device. 2023-02-07 not yet calculated CVE-2022-45441
CONFIRM
future-depth_institutional_management_website — future-depth_institutional_management_website SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. 2023-02-08 not yet calculated CVE-2022-45526
MISC
future-depth_institutional_management_website — future-depth_institutional_management_website File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. 2023-02-08 not yet calculated CVE-2022-45527
MISC
schlix_web — schlix_cms Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. 2023-02-07 not yet calculated CVE-2022-45544
MISC
MISC
MISC
MISC
talend — remote_engine_gen_2 XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. 2023-02-03 not yet calculated CVE-2022-45588
MISC
MISC
talend — esb_runtime SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service. 2023-02-06 not yet calculated CVE-2022-45589
MISC
MISC
apsystems — ecu-r Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. 2023-02-10 not yet calculated CVE-2022-45699
MISC
MISC
ezeip — ezeip ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. 2023-02-06 not yet calculated CVE-2022-45722
MISC
MISC
eyoucms — eyoucms Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. 2023-02-08 not yet calculated CVE-2022-45755
MISC
key_systems_management — global_facilities_management_software Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. 2023-02-10 not yet calculated CVE-2022-45766
MISC
edimax — n300_firmware_br428n Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. 2023-02-07 not yet calculated CVE-2022-45768
MISC
MISC
apache — age There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn’t careful. The developer of the Golang and Python drivers didn’t fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn’t a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters – that would be passed in and that the cypher() function transform needs to be resolved – are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can’t be passed as parameters.
The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session’s pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. 2023-02-04 not yet calculated CVE-2022-45786
MISC
zyxel — nwa110ax An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. 2023-02-07 not yet calculated CVE-2022-45854
CONFIRM
thinkphp — thinkphp thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. 2023-02-08 not yet calculated CVE-2022-45982
MISC
wordpress — wordpress The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4626
MISC
libxpm — libxpm A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. 2023-02-07 not yet calculated CVE-2022-46285
MISC
bticino — door_entry_hometouch BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. 2023-02-06 not yet calculated CVE-2022-46496
MISC
wordpress — wordpress The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4657
MISC
wordpress — wordpress The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4664
MISC
sierra_wireless — airlink_router Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. 2023-02-10 not yet calculated CVE-2022-46649
MISC
MISC
MISC
sierra_wireless — airlink_router Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. 2023-02-10 not yet calculated CVE-2022-46650
MISC
MISC
MISC
gnu — less In GNU Less before 609, crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal. 2023-02-07 not yet calculated CVE-2022-46663
MISC
MISC
MISC
MLIST
dell — wyse_management_suite Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. An unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. 2023-02-11 not yet calculated CVE-2022-46675
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. 2023-02-11 not yet calculated CVE-2022-46676
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized. 2023-02-11 not yet calculated CVE-2022-46677
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. 2023-02-11 not yet calculated CVE-2022-46678
MISC
wordpress — wordpress The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4670
MISC
wordpress — wordpress The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4674
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. 2023-02-11 not yet calculated CVE-2022-46754
MISC
dell — wyse_management_suite Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. 2023-02-11 not yet calculated CVE-2022-46755
MISC
wordpress — wordpress The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4677
MISC
wordpress — wordpress The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 2023-02-06 not yet calculated CVE-2022-4681
MISC
nvs365 — nvs365 NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. 2023-02-03 not yet calculated CVE-2022-47070
MISC
MISC
nvs365 — nvs365 In NVS365 V01, the background network test function can trigger command execution. 2023-02-06 not yet calculated CVE-2022-47071
MISC
MISC
wordpress — wordpress The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4717
MISC
onlyoffice — workspace Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition. 2023-02-07 not yet calculated CVE-2022-47412
MISC
openkm — openkm Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or “Type II”) XSS condition. 2023-02-07 not yet calculated CVE-2022-47413
MISC
openkm — openkm If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document “note” functionality. 2023-02-07 not yet calculated CVE-2022-47414
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). 2023-02-07 not yet calculated CVE-2022-47415
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app chat system. 2023-02-07 not yet calculated CVE-2022-47416
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document file name. 2023-02-07 not yet calculated CVE-2022-47417
MISC
logicaldoc — logicaldoc LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document version comments. 2023-02-07 not yet calculated CVE-2022-47418
MISC
mayan — mayan_edms An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. 2023-02-07 not yet calculated CVE-2022-47419
MISC
wordpress — wordpress The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4747
MISC
wordpress — wordpress The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4756
MISC
wordpress — wordpress The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4762
MISC
bosch_security_systems — b420_firmware Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. 2023-02-08 not yet calculated CVE-2022-47648
MISC
MISC
another_eden — another_eden The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allow attackers to perform privilege escalation via a crafted payload. 2023-02-06 not yet calculated CVE-2022-48019
MISC
MISC
MISC
MISC
MISC
pycdc — pycdc pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. 2023-02-06 not yet calculated CVE-2022-48078
MISC
softr — softr Softr v2.0 was discovered to contain an HTML injection vulnerability via the Work Space Name parameter. 2023-02-06 not yet calculated CVE-2022-48085
MISC
MISC
MISC
MISC
MISC
wavlink — wl-wn533a8 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-06 not yet calculated CVE-2022-48164
MISC
MISC
wavlink — wl-wn530hg4 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-03 not yet calculated CVE-2022-48165
MISC
MISC
wavlink — wl-wn530hg4 An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-06 not yet calculated CVE-2022-48166
MISC
MISC
wordpress — wordpress The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4824
MISC
wordpress — wordpress The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4825
MISC
wordpress — wordpress The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2022-4826
MISC
huawei — harmonyos The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48286
MISC
MISC
huawei — harmonyos/emui The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. 2023-02-09 not yet calculated CVE-2022-48287
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48288
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48289
MISC
MISC
huawei — harmonyos The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. 2023-02-09 not yet calculated CVE-2022-48290
MISC
MISC
huawei — multiple_products The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48292
MISC
MISC
huawei — harmonyos/emui The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48293
MISC
MISC
huawei — harmonyos/emui The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48294
MISC
MISC
huawei — harmonyos/emui The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). 2023-02-09 not yet calculated CVE-2022-48295
MISC
MISC
huawei — harmonyos/emui The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. 2023-02-09 not yet calculated CVE-2022-48296
MISC
MISC
huawei — harmonyos/emui The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. 2023-02-09 not yet calculated CVE-2022-48297
MISC
MISC
huawei — harmonyos/emui The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. 2023-02-09 not yet calculated CVE-2022-48298
MISC
MISC
huawei — harmonyos/emui The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48299
MISC
MISC
huawei — harmonyos/emui The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48300
MISC
MISC
huawei — harmonyos/emui The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. 2023-02-09 not yet calculated CVE-2022-48301
MISC
MISC
huawei — harmonyos/emui The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality. 2023-02-09 not yet calculated CVE-2022-48302
MISC
MISC
wordpress — wordpress The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4833
MISC
wordpress — wordpress The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4836
MISC
wordpress — wordpress The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2022-4838
MISC
libxpm — libxpm A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. 2023-02-07 not yet calculated CVE-2022-4883
MISC
exo_chat_app — exo_chat_app A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212. 2023-02-06 not yet calculated CVE-2022-4902
MISC
MISC
MISC
MISC
MISC
MISC
codenameone — codenameone A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. 2023-02-10 not yet calculated CVE-2022-4903
MISC
MISC
MISC
MISC
MISC
palo_alto_networks — cortex_xdr An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. 2023-02-08 not yet calculated CVE-2023-0001
MISC
palo_alto_networks — cortex_xdr A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. 2023-02-08 not yet calculated CVE-2023-0002
MISC
palo_alto_networks — cortex_xsoar A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. 2023-02-08 not yet calculated CVE-2023-0003
MISC
wordpress — wordpress The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0062
MISC
wordpress — wordpress The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0070
MISC
wordpress — wordpress The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0072
MISC
wordpress — wordpress The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0081
MISC
wordpress — wordpress The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0082
MISC
wordpress — wordpress The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0095
MISC
wordpress — wordpress The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0096
MISC
d-link — dwl-2600ap A command injection vulnerability in the firmware_update command, in the device’s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. 2023-02-11 not yet calculated CVE-2023-0127
MISC
wordpress — wordpress The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-02-06 not yet calculated CVE-2023-0143
MISC
wordpress — wordpress The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0144
MISC
wordpress — wordpress The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0146
MISC
wordpress — wordpress The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0147
MISC
wordpress — wordpress The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0148
MISC
wordpress — wordpress The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0149
MISC
wordpress — wordpress The Cloak Front End Email WordPress plugin through 1.9.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0150
MISC
wordpress — wordpress The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0153
MISC
wordpress — wordpress The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0154
MISC
wordpress — wordpress The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0170
MISC
wordpress — wordpress The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0171
MISC
wordpress — wordpress The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0173
MISC
wordpress — wordpress The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0174
MISC
wordpress — wordpress The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0176
MISC
wordpress — wordpress The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0178
MISC
openssl — openssl The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. 2023-02-08 not yet calculated CVE-2023-0215
MISC
openssl — openssl An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. 2023-02-08 not yet calculated CVE-2023-0216
MISC
openssl — openssl An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. 2023-02-08 not yet calculated CVE-2023-0217
MISC
wordpress — wordpress The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. 2023-02-06 not yet calculated CVE-2023-0234
MISC
MISC
MISC
wordpress — wordpress The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-02-06 not yet calculated CVE-2023-0236
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0249
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0250
MISC
delta_electronics — diascreen Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. 2023-02-08 not yet calculated CVE-2023-0251
MISC
wordpress — wordpress The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0252
MISC
wordpress — wordpress The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. 2023-02-06 not yet calculated CVE-2023-0282
MISC
openssl — openssl There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. 2023-02-08 not yet calculated CVE-2023-0286
MISC
openssl — openssl A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function, which later leads to invalid usage of the digest API, most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions; however, third party applications would be affected if they call these functions to verify signatures on untrusted data. 2023-02-08 not yet calculated CVE-2023-0401
MISC
yugabyte — yugabyte_managed Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0 through 2.13. 2023-02-09 not yet calculated CVE-2023-0574
MISC
yugabyte — yugabyte_db External Control of Critical State Data, Improper Control of Generation of Code (‘Code Injection’) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser than 2.2. 2023-02-09 not yet calculated CVE-2023-0575
MISC
linux — kernel A memory leak flaw and potential divide by zero and integer overflow were found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code is enabled. 2023-02-06 not yet calculated CVE-2023-0615
MISC
orangescrum — orangescrum OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. 2023-02-09 not yet calculated CVE-2023-0624
MISC
MISC
forta — goanywhere_mft Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. 2023-02-06 not yet calculated CVE-2023-0669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xxl-job — xxl-job A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. 2023-02-04 not yet calculated CVE-2023-0674
MISC
MISC
MISC
phpipam — phpipam Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not yet calculated CVE-2023-0678
MISC
CONFIRM
sourcecodester — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. 2023-02-06 not yet calculated CVE-2023-0679
MISC
MISC
MISC
sourcecodester — online_eyewear_shop A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2023-0686
MISC
MISC
gnu — c_library A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. 2023-02-06 not yet calculated CVE-2023-0687
MISC
MISC
MISC
MISC
hashicorp — boundary HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where, when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. 2023-02-08 not yet calculated CVE-2023-0690
MISC
google — chrome Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0696
MISC
MISC
google — chrome Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0697
MISC
MISC
google — chrome Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 2023-02-07 not yet calculated CVE-2023-0698
MISC
MISC
google — chrome Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0699
MISC
MISC
google — chrome Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0700
MISC
MISC
google — chrome Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0701
MISC
MISC
google — chrome Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0702
MISC
MISC
google — chrome Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) 2023-02-07 not yet calculated CVE-2023-0703
MISC
MISC
google — chrome Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) 2023-02-07 not yet calculated CVE-2023-0704
MISC
MISC
google — chrome Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) 2023-02-07 not yet calculated CVE-2023-0705
MISC
MISC
sourcecodester — medical_certificate_generator A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340. 2023-02-07 not yet calculated CVE-2023-0706
MISC
MISC
sourcecodester — medical_certificate_generator A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2023-0707
MISC
MISC
wordpress — wordpress The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-02-07 not yet calculated CVE-2023-0731
MISC
MISC
sourcecodester — online_eyewear_shop A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. 2023-02-07 not yet calculated CVE-2023-0732
MISC
MISC
wallabag — wallabag Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. 2023-02-07 not yet calculated CVE-2023-0735
MISC
CONFIRM
wallabag — wallabag Cross-site Scripting (XSS) – Stored in GitHub repository wallabag/wallabag prior to 2.5.4. 2023-02-07 not yet calculated CVE-2023-0736
CONFIRM
MISC
answerdev — answerdev Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0739
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0740
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – DOM in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0741
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0742
CONFIRM
MISC
answerdev — answerdev Cross-site Scripting (XSS) – Generic in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0743
MISC
CONFIRM
answerdev — answerdev Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. 2023-02-08 not yet calculated CVE-2023-0744
CONFIRM
MISC
yugabyte — yugabyte_managed Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13. 2023-02-09 not yet calculated CVE-2023-0745
MISC
btcpayserver — btcpayserver Cross-site Scripting (XSS) – Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. 2023-02-08 not yet calculated CVE-2023-0747
MISC
CONFIRM
btcpayserver — btcpayserver Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. 2023-02-08 not yet calculated CVE-2023-0748
MISC
CONFIRM
freebsd — freebsd When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. 2023-02-08 not yet calculated CVE-2023-0751
MISC
glorylion — jfinaloa A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability. 2023-02-09 not yet calculated CVE-2023-0758
MISC
MISC
MISC
cockpit-hq — cockpit-hq Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. 2023-02-09 not yet calculated CVE-2023-0759
MISC
CONFIRM
gpac — gpac Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. 2023-02-09 not yet calculated CVE-2023-0760
CONFIRM
MISC
gpac — gpac Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. 2023-02-09 not yet calculated CVE-2023-0770
MISC
CONFIRM
ampache — ampache SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. 2023-02-10 not yet calculated CVE-2023-0771
CONFIRM
MISC
sourcecodester — medical_certificate_generator_app A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability. 2023-02-10 not yet calculated CVE-2023-0774
MISC
MISC
MISC
baicells — multiple_products Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed pre-login and with root permissions. The methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable; special thanks to Rustam Amin for providing the steps to reproduce. 2023-02-11 not yet calculated CVE-2023-0776
MISC
modoboa — modoboa Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. 2023-02-10 not yet calculated CVE-2023-0777
MISC
CONFIRM
cockpit-hq — cockpit-hq Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. 2023-02-11 not yet calculated CVE-2023-0780
CONFIRM
MISC
sourcecodester — canteen_management_system A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. 2023-02-11 not yet calculated CVE-2023-0781
MISC
MISC
MISC
tenda — ac23 A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. 2023-02-11 not yet calculated CVE-2023-0782
MISC
MISC
MISC
ecshop — ecshop A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. 2023-02-11 not yet calculated CVE-2023-0783
MISC
MISC
MISC
mediatek — multiple_products In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107. 2023-02-06 not yet calculated CVE-2023-20602
MISC
mediatek — multiple_products In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067. 2023-02-06 not yet calculated CVE-2023-20604
MISC
mediatek — multiple_products In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104. 2023-02-06 not yet calculated CVE-2023-20605
MISC
mediatek — multiple_products In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. 2023-02-06 not yet calculated CVE-2023-20606
MISC
mediatek — ccu In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. 2023-02-06 not yet calculated CVE-2023-20607
MISC
mediatek — display_drm In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599. 2023-02-06 not yet calculated CVE-2023-20608
MISC
mediatek — ccu In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864. 2023-02-06 not yet calculated CVE-2023-20609
MISC
mediatek — display_drm In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. 2023-02-06 not yet calculated CVE-2023-20610
MISC
mediatek — gpu In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. 2023-02-06 not yet calculated CVE-2023-20611
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. 2023-02-06 not yet calculated CVE-2023-20612
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. 2023-02-06 not yet calculated CVE-2023-20613
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. 2023-02-06 not yet calculated CVE-2023-20614
MISC
mediatek — ril In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572. 2023-02-06 not yet calculated CVE-2023-20615
MISC
mediatek — ion In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. 2023-02-06 not yet calculated CVE-2023-20616
MISC
mediatek — vcu In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. 2023-02-06 not yet calculated CVE-2023-20618
MISC
mediatek — vcu In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. 2023-02-06 not yet calculated CVE-2023-20619
MISC
samsung — secure_folder An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions. 2023-02-09 not yet calculated CVE-2023-21419
MISC
samsung — stst_ta Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. 2023-02-09 not yet calculated CVE-2023-21420
MISC
samsung — knoxcustommanagerservice Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. 2023-02-09 not yet calculated CVE-2023-21421
MISC
samsung — wifiservice Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. 2023-02-09 not yet calculated CVE-2023-21422
MISC
samsung — chnfilesharekit Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. 2023-02-09 not yet calculated CVE-2023-21423
MISC
samsung — semchameleonhelper Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. 2023-02-09 not yet calculated CVE-2023-21424
MISC
samsung — telecom_application Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. 2023-02-09 not yet calculated CVE-2023-21425
MISC
samsung — nfc Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. 2023-02-09 not yet calculated CVE-2023-21426
MISC
samsung — nfctile Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows an attacker to use NFC without user recognition. 2023-02-09 not yet calculated CVE-2023-21427
MISC
samsung — telephonyui Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. 2023-02-09 not yet calculated CVE-2023-21428
MISC
samsung — epdg Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. 2023-02-09 not yet calculated CVE-2023-21429
MISC
samsung — maptobuffer An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. 2023-02-09 not yet calculated CVE-2023-21430
MISC
samsung — bixby Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. 2023-02-09 not yet calculated CVE-2023-21431
MISC
samsung — smart_things Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. 2023-02-09 not yet calculated CVE-2023-21432
MISC
samsung — galaxy_store Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. 2023-02-09 not yet calculated CVE-2023-21433
MISC
samsung — galaxy_store Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. 2023-02-09 not yet calculated CVE-2023-21434
MISC
samsung — fingerprint_ta Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. 2023-02-09 not yet calculated CVE-2023-21435
MISC
samsung — contacts Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. 2023-02-09 not yet calculated CVE-2023-21436
MISC
samsung — phone_application Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. 2023-02-09 not yet calculated CVE-2023-21437
MISC
samsung — homescreen Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. 2023-02-09 not yet calculated CVE-2023-21438
MISC
samsung — uwbdatatxstatusevent Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. 2023-02-09 not yet calculated CVE-2023-21439
MISC
samsung — windowmanagerservice Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. 2023-02-09 not yet calculated CVE-2023-21440
MISC
samsung — multiple_products Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. 2023-02-09 not yet calculated CVE-2023-21441
MISC
samsung — multiple_products Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. 2023-02-09 not yet calculated CVE-2023-21442
MISC
samsung — samsung_flow Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. 2023-02-09 not yet calculated CVE-2023-21443
MISC
samsung — samsung_flow Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. 2023-02-09 not yet calculated CVE-2023-21444
MISC
samsung — multiple_products Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. 2023-02-09 not yet calculated CVE-2023-21445
MISC
samsung — multiple_products Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. 2023-02-09 not yet calculated CVE-2023-21446
MISC
samsung — samsung_cloud Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. 2023-02-09 not yet calculated CVE-2023-21447
MISC
samsung — samsung_cloud Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. 2023-02-09 not yet calculated CVE-2023-21448
MISC
samsung — one_hand_operation_+ Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. 2023-02-09 not yet calculated CVE-2023-21450
MISC
samsung — secril A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. 2023-02-09 not yet calculated CVE-2023-21451
MISC
suse — multiple_products An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. 2023-02-07 not yet calculated CVE-2023-22643
CONFIRM
zulip — zulip Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue. 2023-02-07 not yet calculated CVE-2023-22735
MISC
MISC
MISC
MISC
ckan — ckan CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn’t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images). 2023-02-03 not yet calculated CVE-2023-22746
MISC
MISC
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22792
MISC
ruby — ruby_gem A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment. 2023-02-09 not yet calculated CVE-2023-22794
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22795
MISC
ruby — ruby_gem A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. 2023-02-09 not yet calculated CVE-2023-22796
MISC
ruby — rails An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. 2023-02-09 not yet calculated CVE-2023-22797
MISC
brave — adblock-lists Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave’s redirect interceptor removal feature is known as “debouncing” and is intended to remove unnecessary redirects that track users across the web. 2023-02-09 not yet calculated CVE-2023-22798
MISC
ruby — ruby_gem A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. 2023-02-09 not yet calculated CVE-2023-22799
MISC
apache — nifi The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. 2023-02-10 not yet calculated CVE-2023-22832
MISC
MISC
expressionengine — expressionengine In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. 2023-02-09 not yet calculated CVE-2023-22953
MISC
CONFIRM
invoiceplane — invoiceplane Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. 2023-02-07 not yet calculated CVE-2023-23011
MISC
MISC
sourcecodester — oretnom23_sales_management_system Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. 2023-02-07 not yet calculated CVE-2023-23026
MISC
phpgurukul — art_gallery_management_system_project A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. 2023-02-10 not yet calculated CVE-2023-23161
MISC
MISC
MISC
phpgurukul — art_gallery_management_system_project Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. 2023-02-10 not yet calculated CVE-2023-23162
MISC
MISC
MISC
phpgurukul — art_gallery_management_system_project Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. 2023-02-10 not yet calculated CVE-2023-23163
MISC
MISC
MISC
provide — server Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. 2023-02-10 not yet calculated CVE-2023-23286
MISC
MISC
solarview_compact — solarview_compact There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. 2023-02-06 not yet calculated CVE-2023-23333
MISC
ibm — infosphere_information_server IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. 2023-02-08 not yet calculated CVE-2023-23475
MISC
wallix — access_manager WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. 2023-02-09 not yet calculated CVE-2023-23592
MISC
MISC
discourse — discourse Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. 2023-02-03 not yet calculated CVE-2023-23615
MISC
go-unixfs — go-unixfs go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. 2023-02-09 not yet calculated CVE-2023-23625
MISC
MISC
ipfs — go-bitfield go-bitfield is a simple bitfield package for the go language aiming to be more performant than the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happens when the `size` is not a multiple of `8` or is negative. There was already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`. 2023-02-09 not yet calculated CVE-2023-23626
MISC
MISC
ipfs — go_unixfsnode github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb’s implementation of protobuf to enable pathing. In versions prior to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-09 not yet calculated CVE-2023-23631
MISC
MISC
MISC
MISC
dell — command_intel_vpro_out_of_Band Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system. 2023-02-07 not yet calculated CVE-2023-23696
MISC
dell — command_update Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. 2023-02-10 not yet calculated CVE-2023-23698
MISC
synopsys — coverity Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C 2023-02-06 not yet calculated CVE-2023-23849
MISC
ubiquiti — multiple_products A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. 2023-02-09 not yet calculated CVE-2023-23912
MISC
switcherapi — switcher-client-master Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. 2023-02-03 not yet calculated CVE-2023-23925
MISC
MISC
pyca — cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. 2023-02-07 not yet calculated CVE-2023-23931
MISC
MISC
opendds — opendds OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. 2023-02-03 not yet calculated CVE-2023-23932
MISC
MISC
opensearch-project — anomaly_detection OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. 2023-02-03 not yet calculated CVE-2023-23933
MISC
pimcore — pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. 2023-02-03 not yet calculated CVE-2023-23937
MISC
MISC
openzeppelin — cairo_contracts OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. 2023-02-03 not yet calculated CVE-2023-23940
MISC
MISC
shopware — swagpaypal SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. 2023-02-03 not yet calculated CVE-2023-23941
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue. 2023-02-06 not yet calculated CVE-2023-23942
MISC
MISC
MISC
nextcloud — mail Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app. 2023-02-06 not yet calculated CVE-2023-23943
MISC
MISC
MISC
MISC
MISC
nextcloud — mail Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 users’ passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. 2023-02-06 not yet calculated CVE-2023-23944
MISC
MISC
MISC
formwork — formwork A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. 2023-02-10 not yet calculated CVE-2023-24230
MISC
MISC
inventory-management-system — inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. 2023-02-10 not yet calculated CVE-2023-24231
MISC
MISC
php-inventory-management-system — php-inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. 2023-02-10 not yet calculated CVE-2023-24232
MISC
MISC
php-inventory-management-system — php-inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. 2023-02-10 not yet calculated CVE-2023-24233
MISC
MISC
php-inventory-management-system — php-inventory-management-system A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. 2023-02-10 not yet calculated CVE-2023-24234
MISC
MISC
totolink — a7100ru TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. 2023-02-06 not yet calculated CVE-2023-24276
MISC
mojoportal — mojoportal A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. 2023-02-09 not yet calculated CVE-2023-24322
MISC
MISC
MISC
mojoportal — mojoportal Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. 2023-02-09 not yet calculated CVE-2023-24323
MISC
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. 2023-02-10 not yet calculated CVE-2023-24343
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. 2023-02-10 not yet calculated CVE-2023-24344
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. 2023-02-10 not yet calculated CVE-2023-24345
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. 2023-02-10 not yet calculated CVE-2023-24346
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. 2023-02-10 not yet calculated CVE-2023-24347
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. 2023-02-10 not yet calculated CVE-2023-24348
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. 2023-02-10 not yet calculated CVE-2023-24349
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. 2023-02-10 not yet calculated CVE-2023-24350
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. 2023-02-10 not yet calculated CVE-2023-24351
MISC
MISC
d-link — n300_wi-fi_router_ dir-605l D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. 2023-02-10 not yet calculated CVE-2023-24352
MISC
MISC
dell — alienware_command_center Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. 2023-02-10 not yet calculated CVE-2023-24569
MISC
dell — command_monitor Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 2023-02-10 not yet calculated CVE-2023-24573
MISC
churchcrm — churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. 2023-02-09 not yet calculated CVE-2023-24684
MISC
MISC
MISC
churchcrm — churchcrm ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. 2023-02-09 not yet calculated CVE-2023-24685
MISC
MISC
MISC
churchcrm — churchcrm An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. 2023-02-09 not yet calculated CVE-2023-24686
MISC
MISC
MISC
mojoportal — mojoportal Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. 2023-02-09 not yet calculated CVE-2023-24687
MISC
MISC
MISC
mojoportal — mojoportal An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. 2023-02-09 not yet calculated CVE-2023-24688
MISC
MISC
mojoportal — mojoportal An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the “s” parameter in /DesignTools/ManageSkin.aspx. 2023-02-09 not yet calculated CVE-2023-24689
MISC
MISC
churchcrm — churchcrm ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. 2023-02-09 not yet calculated CVE-2023-24690
MISC
MISC
pdfio — pdfio PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-07 not yet calculated CVE-2023-24808
MISC
MISC
dompdf — dompdf Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it’s possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-07 not yet calculated CVE-2023-24813
MISC
MISC
typo3 — typo3 TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto – e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation. 2023-02-07 not yet calculated CVE-2023-24814
MISC
MISC
MISC
MISC
MISC
MISC
MISC
vert-x3 — vertx-web Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability. 2023-02-09 not yet calculated CVE-2023-24815
MISC
MISC
MISC
ipython — ipython IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input. 2023-02-10 not yet calculated CVE-2023-24816
MISC
MISC
MISC
MISC
anchore — syft syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the `SYFT_ATTEST_PASSWORD` environment variable. The `SYFT_ATTEST_PASSWORD` environment variable is for the `syft attest` command to generate attested SBOMs for the given container image. This environment variable is used to decrypt the private key (provided with `syft attest --key <path-to-key-file>`) during the signing process while generating an SBOM attestation. This vulnerability affects users running syft that have the `SYFT_ATTEST_PASSWORD` environment variable set with credentials (regardless of whether the attest command is being used or not). Users that do not have the environment variable `SYFT_ATTEST_PASSWORD` set are not affected by this issue. The credentials are leaked in two ways: in the syft logs when `-vv` or `-vvv` are used in the syft command (which is any log level >= `DEBUG`) and in the attestation or SBOM only when the `syft-json` format is used. Note that as of v0.69.0 any attestations generated by the `syft attest` command are uploaded to the OCI registry (if you have write access to that registry) in the same way `cosign attach` is done. This means that any attestations generated for the affected versions of syft when the `SYFT_ATTEST_PASSWORD` environment variable was set would leak credentials in the attestation payload uploaded to the OCI registry. This issue has been patched in commit `9995950c70` and has been released as v0.70.0. There are no workarounds for this vulnerability. Users are advised to upgrade. 2023-02-07 not yet calculated CVE-2023-24827
MISC
MISC
theonedev — onedev Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-24828
MISC
MISC
couchbase — couchbase_server Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. 2023-02-06 not yet calculated CVE-2023-25016
MISC
MISC
MISC
nextcloud — security-advisories
 
Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users' files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25150
MISC
MISC
MISC
open-telemetry — opentelemetry-go-contrib
 
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string). The metric instruments do not “forget” previous measurement attributes when `cumulative` temporality is used, which means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25151
MISC
MISC
pterodactyl — wings
 
Wings is Pterodactyl’s server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-25152
MISC
MISC
argoproj — argo-cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefore the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-25163
MISC
MISC
MISC
MISC
tinacms — tinacms
 
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the `process.env` variable are impacted. These values will be added in plaintext to the index.js file. If you’re on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (e.g., Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25164
MISC
MISC
helm — helm
 
Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm, verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. 2023-02-08 not yet calculated CVE-2023-25165
MISC
MISC
hapijs — formula
 
formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula’s parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability. 2023-02-08 not yet calculated CVE-2023-25166
MISC
MISC
discourse — discourse
 
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. 2023-02-08 not yet calculated CVE-2023-25167
MISC
MISC
pterodactyl — wings
 
Wings is Pterodactyl’s server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue. 2023-02-09 not yet calculated CVE-2023-25168
MISC
MISC
MISC
harfbuzz — harfbuzz
 
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. 2023-02-04 not yet calculated CVE-2023-25193
MISC
MISC
MISC
FEDORA
apache — kafka_connect
 
A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector’s Kafka clients to “com.sun.security.auth.module.JndiLoginModule”, which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker’s LDAP server and deserialize the LDAP response, which the attacker can use to execute Java deserialization gadget chains on the Kafka Connect server. An attacker can cause unrestricted deserialization of untrusted data (or) an RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule” is disabled in Apache Kafka 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade the connectors, upgrade that specific dependency, or remove the connectors as options for remediation.
Finally, in addition to leveraging the “org.apache.kafka.disallowed.login.modules” system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot. 2023-02-07 not yet calculated CVE-2023-25194
MISC
MISC
caphyon — advanced_installer
 
Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. 2023-02-08 not yet calculated CVE-2023-25396
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076. 2023-02-11 not yet calculated CVE-2023-25557
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the `id_token` claim values starts with the `{#sb64}` prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place that puts some restriction on what classes can be deserialized, it still allows a broad range of Java packages and is potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086. 2023-02-11 not yet calculated CVE-2023-25558
MISC
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backend retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (e.g., X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079. 2023-02-11 not yet calculated CVE-2023-25559
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080. 2023-02-11 not yet calculated CVE-2023-25560
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081. 2023-02-11 not yet calculated CVE-2023-25561
MISC
MISC
datahub — datahub
 
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session. As a result, any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083. 2023-02-11 not yet calculated CVE-2023-25562
MISC
MISC
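
For the Apache Kafka Connect entry in the table above (CVE-2023-25194), which advises validating connector configurations: the following is an added example, not code from the bulletin or from Apache Kafka, that parses the three override properties named in that entry and reports any connector whose JAAS configuration names a disallowed login module. The function names and the sample connector configurations are constructed for illustration.

```python
"""Audit Kafka Connect connector configs for disallowed JAAS login modules."""

# Override properties named in the CVE-2023-25194 entry.
OVERRIDE_KEYS = (
    "producer.override.sasl.jaas.config",
    "consumer.override.sasl.jaas.config",
    "admin.override.sasl.jaas.config",
)

# Login module the entry names as problematic; extend the set as needed.
DISALLOWED_MODULES = frozenset({"com.sun.security.auth.module.JndiLoginModule"})


def split_jaas_entries(jaas):
    """Split a JAAS config string on ';' terminators, ignoring ';' inside quotes."""
    entries, buf, quote = [], [], None
    i = 0
    while i < len(jaas):
        ch = jaas[i]
        if quote:
            buf.append(ch)
            if ch == "\\" and i + 1 < len(jaas):
                # Keep an escaped character so an escaped quote does not end the value.
                buf.append(jaas[i + 1])
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            buf.append(ch)
        elif ch == ";":
            entries.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    entries.append("".join(buf).strip())
    return [e for e in entries if e]


def login_modules(jaas):
    """Return the login module class of every entry (its first token)."""
    return [entry.split()[0] for entry in split_jaas_entries(jaas)]


def audit_connectors(connectors, disallowed=DISALLOWED_MODULES):
    """Return (connector, property, module) for each disallowed module found.

    `connectors` maps a connector name to its flat config dict.
    """
    findings = []
    for name, config in connectors.items():
        for key in OVERRIDE_KEYS:
            value = config.get(key)
            if value is None:
                continue
            for module in login_modules(value):
                if module in disallowed:
                    findings.append((name, key, module))
    return findings


# Constructed sample configs (not taken from any real cluster).
SAMPLE_CONNECTORS = {
    # Benign: the ';' sits inside a quoted password and must not split the entry.
    "orders-sink": {
        "consumer.override.sasl.jaas.config":
            'org.apache.kafka.common.security.plain.PlainLoginModule required '
            'username="svc" password="p;w";',
    },
    # Flagged: the disallowed module is the only entry.
    "audit-source": {
        "producer.override.sasl.jaas.config":
            "com.sun.security.auth.module.JndiLoginModule required;",
    },
    # Flagged: the disallowed module is a second entry, so a prefix check misses it.
    "metrics-sink": {
        "admin.override.sasl.jaas.config":
            'org.apache.kafka.common.security.scram.ScramLoginModule required '
            'username="u" password="p"; '
            "com.sun.security.auth.module.JndiLoginModule required;",
    },
    # Benign: the class name appears only inside a quoted option value.
    "notes-sink": {
        "consumer.override.sasl.jaas.config":
            'org.apache.kafka.common.security.plain.PlainLoginModule required '
            'username="svc" password="com.sun.security.auth.module.JndiLoginModule";',
    },
}

if __name__ == "__main__":
    for connector, prop, module in audit_connectors(SAMPLE_CONNECTORS):
        print(f"{connector}: {prop} uses disallowed login module {module}")
```

Parsing the entries rather than searching for the class name as a substring is what keeps the quoted-value case from being flagged and the second-entry case from being missed.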


AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

Original release date: February 9, 2023

Summary

Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn about other ransomware threats and no-cost resources.

The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) (hereafter referred to as the “authoring agencies”) are issuing this joint Cybersecurity Advisory (CSA) to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities.

This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.

The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments—specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. The IOCs in this product should be useful to sectors previously targeted by DPRK cyber operations (e.g., U.S. government, Department of Defense, and Defense Industrial Base). The authoring agencies highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.

For additional information on state-sponsored DPRK malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.


Technical Details

Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 12. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.

This CSA is supplementary to previous reports on malicious cyber actor activities involving DPRK ransomware campaigns—namely Maui and H0lyGh0st ransomware. The authoring agencies are issuing this advisory to highlight additional observed TTPs DPRK cyber actors are using to conduct ransomware attacks targeting South Korean and U.S. healthcare systems.

Observable TTPs

The TTPs associated with DPRK ransomware attacks include those traditionally observed in ransomware operations. Additionally, these TTPs span phases from acquiring and purchasing infrastructure to concealing DPRK affiliation:

  • Acquire Infrastructure [T1583]. DPRK actors generate domains, personas, and accounts; and identify cryptocurrency services to conduct their ransomware operations. Actors procure infrastructure, IP addresses, and domains with cryptocurrency generated through illicit cybercrime, such as ransomware and cryptocurrency theft.
  • Obfuscate Identity. DPRK actors purposely obfuscate their involvement by operating with or under third-party foreign affiliate identities and use third-party foreign intermediaries to receive ransom payments.
  • Purchase VPNs and VPSs [T1583.003]. DPRK cyber actors will also use virtual private networks (VPNs) and virtual private servers (VPSs) or third-country IP addresses to appear to be from innocuous locations instead of from DPRK.
  • Gain Access [TA0001]. Actors use various exploits of common vulnerabilities and exposures (CVE) to gain access and escalate privileges on networks. Recently observed CVEs that actors used to gain access include remote code execution in the Apache Log4j software library (known as Log4Shell) and remote code execution in various SonicWall appliances [T1190 and T1133]. Observed CVEs used include:
    • CVE-2021-44228
    • CVE-2021-20038
    • CVE-2022-24990

Actors also likely spread malicious code through Trojanized files for “X-Popup,” an open source messenger commonly used by employees of small and medium hospitals in South Korea [T1195].

The actors spread malware by leveraging two domains: xpopup.pe[.]kr and xpopup[.]com. xpopup.pe[.]kr is registered to IP address 115.68.95[.]128 and xpopup[.]com is registered to IP address 119.205.197[.]111. Related file names and hashes are listed in table 1.

Table 1: Malicious file names and hashes spread by xpopup domains
File Name MD5 Hash
xpopup.rar 1f239db751ce9a374eb9f908c74a31c9
X-PopUp.exe 6fb13b1b4b42bac05a2ba629f04e3d03
X-PopUp.exe cf8ba073db7f4023af2b13dd75565f3d
xpopup.exe 4e71d52fc39f89204a734b19db1330d3
x-PopUp.exe 43d4994635f72852f719abb604c4a8a1
xpopup.exe 5ae71e8440bf33b46554ce7a7f3de666

 

  • Move Laterally and Discovery [TA0007, TA0008]. After initial access, DPRK cyber actors use staged payloads with customized malware to perform reconnaissance activities, upload and download additional files and executables, and execute shell commands [T1083, T1021]. The staged malware is also responsible for collecting victim information and sending it to the remote host controlled by the actors [TA0010].
  • Employ Various Ransomware Tools [TA0040]. Actors have used privately developed ransomware, such as Maui and H0lyGh0st [T1486]. Actors have also been observed using or possessing publicly available tools for encryption, such as BitLocker, Deadbolt, ech0raix, GonnaCry, Hidden Tear, Jigsaw, LockBit 2.0, My Little Ransomware, NxRansomware, Ryuk, and YourRansom [T1486]. In some cases, DPRK actors have portrayed themselves as other ransomware groups, such as the REvil ransomware group. For IOCs associated with Maui and H0lyGh0st ransomware usage, please see Appendix B.
  • Demand Ransom in Cryptocurrency. DPRK cyber actors have been observed setting ransoms in bitcoin [T1486]. Actors are known to communicate with victims via Proton Mail email accounts. For private companies in the healthcare sector, actors may threaten to expose a company’s proprietary data to competitors if ransoms are not paid. Bitcoin wallet addresses possibly used by DPRK cyber actors include:

Mitigations

Note: These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the U.S. National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. For more information on the CPGs, including additional recommended baseline protections, see cisa.gov/cpg.

The authoring agencies urge HPH organizations to:

  • Limit access to data by authenticating and encrypting connections (e.g., using public key infrastructure certificates in virtual private network (VPN) and transport layer security (TLS) connections) with network services, Internet of Things (IoT) medical devices, and the electronic health record system [CPG 3.3].
  • Implement the principle of least privilege by using standard user accounts on internal systems instead of administrative accounts [CPG 1.5], which grant excessive system administration privileges.
  • Turn off weak or unnecessary network device management interfaces, such as Telnet, SSH, Winbox, and HTTP for wide area networks (WANs) and secure with strong passwords and encryption when enabled.
  • Protect stored data by masking the permanent account number (PAN) when displayed and rendering it unreadable when stored—through cryptography, for example.
  • Secure the collection, storage, and processing practices for personally identifiable information (PII)/protected health information (PHI), per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures could prevent the introduction of malware to the system [CPG 3.4].
    • Secure PII/PHI at collection points and encrypt the data at rest and in transit using technologies such as TLS. Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available.
    • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer [CPG 8.1].
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise [CPG 3.1].

In addition, the authoring agencies urge all organizations, including HPH Sector organizations, to apply the following recommendations to prepare for and mitigate ransomware incidents:

  • Maintain isolated backups of data, and regularly test backup and restoration [CPG 7.3]. These practices safeguard an organization’s continuity of operations or at least minimize potential downtime from a ransomware incident and protect against data losses.
    • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure.
  • Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response procedures for a ransomware incident [CPG 7.1, 7.2].
  • Install updates for operating systems, software, and firmware as soon as they are released [CPG 5.1]. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Regularly check for software updates and end-of-life notifications and prioritize patching known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
  • If you use Remote Desktop Protocol (RDP), or other potentially risky services, secure and monitor them closely [CPG 5.4].
    • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources, and require phishing-resistant multifactor authentication (MFA) to mitigate credential theft and reuse [CPG 1.3]. If RDP must be available externally, use a VPN, virtual desktop infrastructure, or other means to authenticate and secure the connection before allowing RDP to connect to internal devices. Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports [CPG 1.1, 3.1].
    • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols not in use for a business purpose (e.g., RDP Transmission Control Protocol port 3389).
    • Restrict the Server Message Block (SMB) protocol within the network to only access necessary servers and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.
    • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity [CPG 5.6, 6.2].
    • Implement application control policies that only allow systems to execute known and permitted programs [CPG 2.1].
    • Open document readers in protected viewing modes to help prevent active content from running.
  • Implement a user training program and phishing exercises [CPG 4.3] to raise awareness among users about the risks of visiting websites, clicking on links, and opening attachments. Reinforce the appropriate user response to phishing and spearphishing emails.
  • Require phishing-resistant MFA for as many services as possible [CPG 1.3]—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups.
  • Use strong passwords [CPG 1.4] and avoid reusing passwords for multiple accounts. See CISA Tip Choosing and Protecting Passwords and National Institute of Standards and Technology (NIST) Special Publication 800-63B: Digital Identity Guidelines for more information.
  • Require administrator credentials to install software [CPG 1.5].
  • Audit user accounts with administrative or elevated privileges [CPG 1.5] and configure access controls with least privilege in mind.
  • Install and regularly update antivirus and antimalware software on all hosts.
  • Only use secure networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organization [CPG 8.3] indicating that they are higher risk messages.
  • Consider participating in CISA’s no-cost Automated Indicator Sharing (AIS) program to receive real-time exchange of machine-readable cyber threat indicators and defensive measures.
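
The RDP mitigation above calls for logging RDP login attempts, restricting the originating sources, and blocking brute force campaigns. The following Python code is an added example, not part of the advisory: it reviews Windows Security logon events (4624 success, 4625 failure) for those conditions. The threshold, time window, approved subnet, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values for this example; set them from your own lockout policy.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]     # assumed VPN / jump-host subnet
# Logon types: 10 = RemoteInteractive; 3 = Network, which is how RDP with NLA records
# failures (type 3 also covers SMB and other network logons).
REMOTE_LOGON_TYPES = {3, 10}


def review_logons(events):
    """Return (time, finding, source_ip, user) tuples for 4624/4625 events."""
    findings = []
    failures = defaultdict(deque)                  # source IP -> failure times in WINDOW
    rows = [(datetime.fromisoformat(e["TimeCreated"]), e) for e in events]
    for when, ev in sorted(rows, key=lambda r: r[0]):
        if ev["EventID"] not in (4624, 4625) or ev["LogonType"] not in REMOTE_LOGON_TYPES:
            continue
        try:
            src = ip_address(ev["IpAddress"])
        except ValueError:                         # "-" or empty: no network source
            continue
        user, recent = ev["TargetUserName"], failures[src]
        while recent and when - recent[0] > WINDOW:
            recent.popleft()
        if ev["EventID"] == 4625:                  # failed logon
            recent.append(when)
            if len(recent) == MAX_FAILURES:        # report once, when the burst forms
                findings.append((when.isoformat(), "failed-logon burst", str(src), user))
            continue
        # Successful logon: check the source, then whether it follows a burst.
        if not any(src in net for net in ALLOWED_SOURCES):
            findings.append((when.isoformat(), "logon from unapproved source", str(src), user))
        if len(recent) >= MAX_FAILURES:
            findings.append((when.isoformat(), "success after failed-logon burst", str(src), user))
        recent.clear()
    return findings


def sample_events():
    """Constructed events shaped like Security-log exports (documentation IP ranges)."""
    def ev(eid, t, ltype, ip, user):
        return {"EventID": eid, "TimeCreated": f"2023-02-09T{t}", "LogonType": ltype,
                "IpAddress": ip, "TargetUserName": user}
    burst = [ev(4625, f"03:00:{s:02d}", 3, "203.0.113.7", "administrator")
             for s in range(0, 50, 10)]
    return burst + [
        ev(4624, "03:01:05", 10, "203.0.113.7", "administrator"),
        ev(4625, "03:02:00", 2, "-", "jdoe"),             # console logon: ignored
        ev(4624, "03:05:00", 10, "10.20.0.15", "jdoe"),   # approved source: no finding
    ]


if __name__ == "__main__":
    for finding in review_logons(sample_events()):
        print(finding)
```

A success that follows a burst from the same source is the finding to escalate first, since it suggests the guessing worked.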

If a ransomware incident occurs at your organization:

  • Follow your organization’s ransomware response checklist.
  • Scan backups. If possible, scan backup data with an antivirus program to check that it is free of malware. This should be performed using an isolated, trusted system to avoid exposing backups to potential compromise.
  • U.S. organizations: Follow the notification requirements as outlined in your cyber incident response plan. Report incidents to appropriate authorities; in the U.S., this would include the FBI at a local FBI Field Office, CISA at cisa.gov/report, or the U.S. Secret Service (USSS) at a USSS Field Office.
  • South Korean organizations: Please report incidents to NIS, KISA (Korea Internet & Security Agency), and KNPA (Korean National Police Agency).
  • Apply incident response best practices found in the joint Cybersecurity Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.

Resources

Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link:
https://www.stairwell.com/news/threat-research-report-maui-ransomware/

Request For Information

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, and/or benign samples of encrypted files. As stated above, the authoring agencies discourage paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, the agencies understand that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees, and customers.

Regardless of whether you or your organization decide to pay a ransom, the authoring agencies urge you to promptly report ransomware incidents using the contact information above.

Acknowledgements

NSA, FBI, CISA, and HHS would like to thank ROK NIS and DSA for their contributions to this CSA.

Disclaimer of endorsement

The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

Trademark recognition

Microsoft Threat Intelligence Center is a registered trademark of Microsoft Corporation. Apache®, Sonicwall, and Apache Log4j are trademarks of Apache Software Foundation. TerraMaster Operating System is a registered trademark of Octagon Systems.

Purpose

This document was developed in furtherance of the authors’ cybersecurity missions, including their responsibilities to identify and disseminate threats, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.

Appendix A: CVE Details

CVE-2021-44228     CVSS 3.0: 10 (Critical)
Vulnerability Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Recommended Mitigations
Apply patches provided by vendor and perform required system updates.
Detection Methods
See vendors’ Guidance For Preventing, Detecting, and Hunting for Exploitation of the Log4j 2 Vulnerability.
Vulnerable Technologies and Versions
There are numerous vulnerable technologies and versions associated with CVE-2021-44228. For a full list, please check https://nvd.nist.gov/vuln/detail/CVE-2021-44228.
See https://nvd.nist.gov/vuln/detail/CVE-2021-44228 for more information.
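
An added example, not from the advisory or from Apache: a Python check that applies the affected range quoted above (2.0-beta9 through 2.15.0, excluding 2.12.2, 2.12.3, and 2.3.1) to every log4j-core copy found inside an archive, including jars nested in WAR/EAR files. It assumes each copy still carries its Maven pom.properties, so shaded or repackaged copies without that file are not found; the sample archive is constructed.

```python
import io
import re
import zipfile

# Security releases that the advisory text excludes from the affected range.
FIXED_BACKPORTS = {(2, 12, 2), (2, 12, 3), (2, 3, 1)}
# Maven metadata that an unshaded log4j-core jar carries.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}      # pre-releases sort before GA (3)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)


def parse(version):
    """Return a sortable key (major, minor, patch, stage, stage_no), or None."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, stage, stage_no = m.groups()
    rank = STAGE_RANK[stage.lower()] if stage else 3
    return (int(major), int(minor), int(patch or 0), rank, int(stage_no or 0))


LOW, HIGH = parse("2.0-beta9"), parse("2.15.0")


def is_affected(version):
    """True/False per the range quoted above; None when the version is unparseable."""
    key = parse(version)
    if key is None:
        return None                      # e.g. a vendor-suffixed build: review by hand
    if key[3] == 3 and key[:3] in FIXED_BACKPORTS:
        return False
    return LOW <= key <= HIGH


def embedded_versions(data, name, depth=3):
    """Yield (path, version) for each log4j-core copy, following nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for entry in zf.namelist():
            if entry == POM:
                props = zf.read(entry).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    yield name, m.group(1).strip()
            elif depth > 0 and entry.lower().endswith((".jar", ".war", ".ear")):
                yield from embedded_versions(zf.read(entry), f"{name}!{entry}", depth - 1)


def scan(data, name):
    """Return [(path, version, affected)] for one archive given as bytes."""
    return [(p, v, is_affected(v)) for p, v in embedded_versions(data, name)]


def build_sample_war():
    """Constructed sample: a WAR with two stub log4j-core jars, one under another name."""
    def jar(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        return buf.getvalue()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", jar("2.14.1"))
        z.writestr("WEB-INF/lib/renamed-logging.jar", jar("2.12.2"))
    return buf.getvalue()


if __name__ == "__main__":
    for path, version, affected in scan(build_sample_war(), "app.war"):
        print(f"{path}: log4j-core {version} -> affected={affected}")
```

Reading the version from the embedded metadata rather than the file name is what lets the check classify the renamed jar correctly.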

 

CVE-2021-20038     CVSS 3.0: 9.8 (Critical)
Vulnerability Description
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
Recommended Mitigations
Apply all appropriate vendor updates.
Upgrade to:

  • SMA 100 Series (SMA 200, 210, 400, 410, 500v (ESX, Hyper-V, KVM, AWS, Azure)):
    • SonicWall SMA100 build versions 10.2.0.9-41sv or later
    • SonicWall SMA100 build versions 10.2.1.3-27sv or later

System administrators should refer to the SonicWall Security Advisories in the reference section to determine affected applications/systems and appropriate fix actions.

Support for 9.0.0 firmware ended on 10/31/2021. Customers still using that firmware are requested to upgrade to the latest 10.2.x versions.

Vulnerable Technologies and Versions
SonicWall SMA 200 firmware 10.2.0.8-37sv
SonicWall SMA 200 firmware 10.2.1.1-19sv
SonicWall SMA 200 firmware 10.2.1.2-24sv
SonicWall SMA 210 firmware 10.2.0.8-37sv
SonicWall SMA 210 firmware 10.2.1.1-19sv
SonicWall SMA 210 firmware 10.2.1.2-24sv
SonicWall SMA 410 firmware 10.2.0.8-37sv
SonicWall SMA 410 firmware 10.2.1.1-19sv
SonicWall SMA 410 firmware 10.2.1.2-24sv
SonicWall SMA 400 firmware 10.2.0.8-37sv
SonicWall SMA 400 firmware 10.2.1.1-19sv
SonicWall SMA 400 firmware 10.2.1.2-24sv
SonicWall SMA 500v firmware 10.2.0.8-37sv
SonicWall SMA 500v firmware 10.2.1.1-19sv
SonicWall SMA 500v firmware 10.2.1.2-24sv
See https://nvd.nist.gov/vuln/detail/CVE-2021-20038 for more information.

CVE-2022-24990    CVSS 3.x: N/A
Vulnerability Description
The TerraMaster OS Unauthenticated Remote Command Execution via PHP Object Instantiation Vulnerability is characterized by scanning activity targeting a flaw in the script enabling a remote adversary to execute commands on the target endpoint. The vulnerability is created by improper input validation of the webNasIPS component in the api.php script and resides on the TNAS device appliances’ operating system where users manage storage, backup data, and configure applications. By exploiting the script flaw a remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system. This may result in complete compromise of the target system, including the exfiltration of information. TNAS devices can be chained to acquire unauthenticated remote code execution with highest privileges.
Recommended Mitigations
Install relevant vendor patches. This vulnerability was patched in TOS version 4.2.30.
Vulnerable Technologies and Versions
TOS v 4.2.29
See https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ and https://forum.terra-master.com/en/viewtopic.php?t=3030 for more information.

Appendix B: Indicators of Compromise (IOCs)

The IOC section includes hashes and IP addresses for the Maui and H0lyGh0st ransomware variants—as well as custom malware implants assumedly developed by DPRK cyber actors, such as remote access trojans (RATs), loaders, and other tools—that enable subsequent deployment of ransomware. For additional Maui IOCs, see joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector.

Table 2 lists MD5 and SHA256 hashes associated with malware implants, RATs, and other tools used by DPRK cyber actors, including tools that drop Maui ransomware files.

Table 2: File names and hashes of malicious implants, RATs, and tools

Table 3 lists MD5 and SHA256 hashes associated with Maui ransomware files.

Table 3: File names and hashes of Maui ransomware files

Table 4 lists MD5 and SHA256 hashes associated with H0lyGh0st Ransomware files.

Table 4: File names and hashes of H0lyGh0st ransomware files

* from Microsoft blog post on h0lygh0st

Contact Information

NSA Client Requirements / General Cybersecurity Inquiries: CybersecurityReports@nsa.gov
Defense Industrial Base Inquiries and Cybersecurity Services: DIB_Defense@cyber.nsa.gov
To report incidents and anomalous activity related to information found in this Joint Cybersecurity Advisory, contact CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870 or your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.

Media Inquiries / Press Desk:

Revisions

  • February 9, 2023: Initial Version


#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

Original release date: February 9, 2023

CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide information on ransomware activity used by North Korean state-sponsored cyber actors to target various critical infrastructure sectors, especially Healthcare and Public Health (HPH) Sector organizations.

The authoring agencies urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Train users to recognize and report phishing attempts.
  • Enable and enforce phishing-resistant multifactor authentication. 
  • Install and regularly update antivirus and antimalware software on all hosts. 

See Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities for ransomware actor’s tactics, techniques, and procedures, indicators of compromise, and recommended mitigations. Additionally, review StopRansomware.gov for more guidance on ransomware protection, detection, and response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.


OpenSSL Releases Security Advisory

Original release date: February 9, 2023

OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information.

CISA encourages users and administrators to review the OpenSSL advisory and make the necessary updates.


For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com