Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2023-22912
|
N/A |
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
|
20 Jan 2023
|
|
|
CVE-2023-24021
|
N/A |
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
|
20 Jan 2023
|
|
|
CVE-2022-45558
|
N/A |
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.
|
20 Jan 2023
|
|
|
CVE-2023-24025
|
N/A |
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.
|
20 Jan 2023
|
|
|
CVE-2022-45748
|
N/A |
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
|
20 Jan 2023
|
|
|
CVE-2023-24026
|
N/A |
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
|
20 Jan 2023
|
|
|
CVE-2023-24027
|
N/A |
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
|
20 Jan 2023
|
|
|
CVE-2022-47012
|
N/A |
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
|
20 Jan 2023
|
|
|
CVE-2022-48123
|
N/A |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
|
20 Jan 2023
|
|
|
CVE-2022-48124
|
N/A |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
|
20 Jan 2023
|
|
|
CVE-2022-48120
|
N/A |
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.
|
20 Jan 2023
|
|
|
CVE-2022-48121
|
N/A |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
|
20 Jan 2023
|
|
|
CVE-2022-48122
|
N/A |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
|
20 Jan 2023
|
|
|
CVE-2022-47024
|
N/A |
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
|
20 Jan 2023
|
|
|
CVE-2022-47732
|
N/A |
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
|
20 Jan 2023
|
|
|
CVE-2022-47747
|
N/A |
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.
|
20 Jan 2023
|
|
|
CVE-2022-47015
|
N/A |
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
|
20 Jan 2023
|
|
|
CVE-2022-47021
|
N/A |
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
|
20 Jan 2023
|
|
|
CVE-2021-37500
|
N/A |
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.
|
20 Jan 2023
|
|
|
CVE-2022-45541
|
N/A |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
|
20 Jan 2023
|
|
|
CVE-2022-45542
|
N/A |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
|
20 Jan 2023
|
|
|
CVE-2022-45557
|
N/A |
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.
|
20 Jan 2023
|
|
|
CVE-2022-39193
|
N/A |
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.
|
20 Jan 2023
|
|
|
CVE-2022-45537
|
N/A |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
|
20 Jan 2023
|
|
|
CVE-2022-45538
|
N/A |
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
|
20 Jan 2023
|
CVE-2023-22912
N/A
20 Jan 2023
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
CVE-2023-24021
N/A
20 Jan 2023
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2022-45558
N/A
20 Jan 2023
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.
CVE-2023-24025
N/A
20 Jan 2023
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.
CVE-2022-45748
N/A
20 Jan 2023
An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
CVE-2023-24026
N/A
20 Jan 2023
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
CVE-2023-24027
N/A
20 Jan 2023
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVE-2022-47012
N/A
20 Jan 2023
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
CVE-2022-48123
N/A
20 Jan 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
CVE-2022-48124
N/A
20 Jan 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48120
N/A
20 Jan 2023
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.
CVE-2022-48121
N/A
20 Jan 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
CVE-2022-48122
N/A
20 Jan 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
CVE-2022-47024
N/A
20 Jan 2023
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.
CVE-2022-47732
N/A
20 Jan 2023
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create backup file and download it, revealing admin hash, allowing, once cracked, to login inside the Configuration Panel, otherwise, replacing the hash in the archive and restoring it on the device which will change admin password granting access to the device.
CVE-2022-47747
N/A
20 Jan 2023
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.
CVE-2022-47015
N/A
20 Jan 2023
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
CVE-2022-47021
N/A
20 Jan 2023
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
CVE-2021-37500
N/A
20 Jan 2023
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.
CVE-2022-45541
N/A
20 Jan 2023
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVE-2022-45542
N/A
20 Jan 2023
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVE-2022-45557
N/A
20 Jan 2023
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.
CVE-2022-39193
N/A
20 Jan 2023
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression rights.
CVE-2022-45537
N/A
20 Jan 2023
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
CVE-2022-45538
N/A
20 Jan 2023
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
Page 732 of 752
Page 732 of 752