Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2022-45564
|
N/A |
SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet.
|
21 Feb 2023
|
|
|
CVE-2023-23009
|
N/A |
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
|
21 Feb 2023
|
|
|
CVE-2022-31394
|
N/A |
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
|
21 Feb 2023
|
|
|
CVE-2023-22920
|
N/A |
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
|
21 Feb 2023
|
|
|
CVE-2023-20855
|
N/A |
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
|
21 Feb 2023
|
|
|
CVE-2023-20858
|
N/A |
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
|
21 Feb 2023
|
|
|
CVE-2023-24320
|
N/A |
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.
|
21 Feb 2023
|
|
|
CVE-2023-0934
|
MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.
|
21 Feb 2023
|
|
|
CVE-2023-26266
|
N/A |
In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.
|
21 Feb 2023
|
|
|
CVE-2023-26267
|
N/A |
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
|
21 Feb 2023
|
|
|
CVE-2022-45677
|
N/A |
SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.
|
21 Feb 2023
|
|
|
CVE-2022-46637
|
N/A |
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
|
21 Feb 2023
|
|
|
CVE-2022-48340
|
N/A |
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
|
21 Feb 2023
|
|
|
CVE-2023-24081
|
N/A |
Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.
|
21 Feb 2023
|
|
|
CVE-2023-24184
|
N/A |
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
|
21 Feb 2023
|
|
|
CVE-2023-26249
|
N/A |
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
|
21 Feb 2023
|
|
|
CVE-2023-26253
|
N/A |
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
|
21 Feb 2023
|
|
|
CVE-2023-26265
|
N/A |
The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.
|
21 Feb 2023
|
|
|
CVE-2023-24080
|
N/A |
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.
|
21 Feb 2023
|
|
|
CVE-2022-3901
|
N/A |
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
|
20 Feb 2023
|
|
|
CVE-2022-48320
|
N/A |
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.
|
20 Feb 2023
|
|
|
CVE-2022-48319
|
N/A |
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
|
20 Feb 2023
|
|
|
CVE-2022-48318
|
N/A |
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
|
20 Feb 2023
|
|
|
CVE-2022-48317
|
N/A |
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.
|
20 Feb 2023
|
|
|
CVE-2022-46303
|
N/A |
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
|
20 Feb 2023
|
CVE-2022-45564
N/A
21 Feb 2023
SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet.
CVE-2023-23009
N/A
21 Feb 2023
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.
CVE-2022-31394
N/A
21 Feb 2023
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
CVE-2023-22920
N/A
21 Feb 2023
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.
CVE-2023-20855
N/A
21 Feb 2023
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
CVE-2023-20858
N/A
21 Feb 2023
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
CVE-2023-24320
N/A
21 Feb 2023
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.
CVE-2023-0934
MEDIUM
21 Feb 2023
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.
CVE-2023-26266
N/A
21 Feb 2023
In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.
CVE-2023-26267
N/A
21 Feb 2023
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
CVE-2022-45677
N/A
21 Feb 2023
SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.
CVE-2022-46637
N/A
21 Feb 2023
Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.
CVE-2022-48340
N/A
21 Feb 2023
In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.
CVE-2023-24081
N/A
21 Feb 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.
CVE-2023-24184
N/A
21 Feb 2023
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
CVE-2023-26249
N/A
21 Feb 2023
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.
CVE-2023-26253
N/A
21 Feb 2023
In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.
CVE-2023-26265
N/A
21 Feb 2023
The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.
CVE-2023-24080
N/A
21 Feb 2023
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.
CVE-2022-3901
N/A
20 Feb 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
CVE-2022-48320
N/A
20 Feb 2023
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages.
CVE-2022-48319
N/A
20 Feb 2023
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
CVE-2022-48318
N/A
20 Feb 2023
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation.
CVE-2022-48317
N/A
20 Feb 2023
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.
CVE-2022-46303
N/A
20 Feb 2023
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
Page 538 of 628
Page 538 of 628