Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23131 | 1 Selfwealth | 1 Selfwealth | 2023-02-08 | N/A | 7.5 HIGH |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | |||||
| CVE-2022-3990 | 1 Hp | 1 Hpsfviewer | 2023-02-08 | N/A | 7.8 HIGH |
| HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. | |||||
| CVE-2022-23455 | 1 Hp | 1 Support Assistant | 2023-02-08 | N/A | 7.8 HIGH |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | |||||
| CVE-2022-23454 | 1 Hp | 1 Support Assistant | 2023-02-08 | N/A | 7.8 HIGH |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | |||||
| CVE-2022-23453 | 1 Hp | 1 Support Assistant | 2023-02-08 | N/A | 7.8 HIGH |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | |||||
| CVE-2022-47699 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2023-02-08 | N/A | 9.8 CRITICAL |
| COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2023-02-07 | N/A | 8.8 HIGH |
| As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | |||||
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2023-02-07 | N/A | 6.5 MEDIUM |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | |||||
| CVE-2023-22611 | 1 Schneider-electric | 3 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020, Ecostruxure Geo Scada Expert 2021 | 2023-02-07 | N/A | 7.5 HIGH |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) | |||||
| CVE-2022-25967 | 1 Eta.js | 1 Eta | 2023-02-07 | N/A | 8.8 HIGH |
| Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. | |||||
| CVE-2021-46873 | 2 Microsoft, Wireguard | 2 Windows, Wireguard | 2023-02-07 | N/A | 5.3 MEDIUM |
| WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. | |||||
| CVE-2022-46357 | 1 Hp | 1 Security Manager | 2023-02-07 | N/A | 8.8 HIGH |
| Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
| CVE-2022-46356 | 1 Hp | 1 Security Manager | 2023-02-07 | N/A | 8.8 HIGH |
| Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
| CVE-2022-46359 | 1 Hp | 1 Security Manager | 2023-02-07 | N/A | 8.8 HIGH |
| Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
| CVE-2022-46358 | 1 Hp | 1 Security Manager | 2023-02-07 | N/A | 8.8 HIGH |
| Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
| CVE-2023-24059 | 1 Rockstargames | 1 Grand Theft Auto V | 2023-02-07 | N/A | 7.3 HIGH |
| Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023. | |||||
| CVE-2023-23611 | 1 Openedx | 1 Xblock-lti-consumer | 2023-02-06 | N/A | 5.4 MEDIUM |
| LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. An LTI tool submits scores to the edX platform for line items. The code that uploads that score to the LMS grade tables determines which XBlock to upload the grades for by reading the resource_link_id field of the associated line item. The LTI tool may submit any value for the resource_link_id field, allowing a malicious LTI tool to submit scores for any LTI XBlock on the platform. The impact is a loss of integrity for LTI XBlock grades. This issue is patched in 7.2.2. No workarounds exist. | |||||
| CVE-2023-21675 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2023-02-06 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | |||||
| CVE-2022-4130 | 1 Redhat | 1 Satellite | 2023-02-06 | N/A | 4.5 MEDIUM |
| A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | |||||
| CVE-2022-47100 | 1 Sengled | 2 Es21-n1eaw, Es21-n1eaw Firmware | 2023-02-06 | N/A | 7.5 HIGH |
| A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame. | |||||