Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23551 | 1 Controlbyweb | 2 X-600m, X-600m Firmware | 2023-02-22 | N/A | 9.8 CRITICAL |
| Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-22370 | 1 Planex | 1 Cs-wmv02g | 2023-02-22 | N/A | 5.2 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||
| CVE-2023-0818 | 1 Gpac | 1 Gpac | 2023-02-22 | N/A | 5.5 MEDIUM |
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | |||||
| CVE-2023-24991 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813) | |||||
| CVE-2023-24990 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812) | |||||
| CVE-2023-24989 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811) | |||||
| CVE-2023-24988 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810) | |||||
| CVE-2023-24987 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809) | |||||
| CVE-2023-24986 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808) | |||||
| CVE-2023-24985 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807) | |||||
| CVE-2023-24984 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806) | |||||
| CVE-2023-0817 | 1 Gpac | 1 Gpac | 2023-02-22 | N/A | 7.8 HIGH |
| Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. | |||||
| CVE-2022-47034 | 1 Playsms | 1 Playsms | 2023-02-22 | N/A | 9.8 CRITICAL |
| A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication. | |||||
| CVE-2015-10079 | 1 Walrusirc Project | 1 Walrusirc | 2023-02-22 | N/A | 6.1 MEDIUM |
| A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751. | |||||
| CVE-2023-25572 | 1 Marmelab | 2 Ra-ui-materialui, React-admin | 2023-02-22 | N/A | 5.4 MEDIUM |
| react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand. | |||||
| CVE-2023-24983 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805) | |||||
| CVE-2023-24982 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804) | |||||
| CVE-2023-24981 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791) | |||||
| CVE-2023-24980 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790) | |||||
| CVE-2023-22375 | 1 Planex | 2 Cs-wmv02g, Cs-wmv02g Firmware | 2023-02-22 | N/A | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer. | |||||