Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46023 | 1 Mruby | 1 Mruby | 2023-02-22 | N/A | 7.5 HIGH |
| An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. | |||||
| CVE-2023-0091 | 1 Redhat | 2 Keycloak, Single Sign-on | 2023-02-22 | N/A | 3.8 LOW |
| A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. | |||||
| CVE-2023-0782 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2023-02-22 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. | |||||
| CVE-2023-24161 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-22 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | |||||
| CVE-2023-24160 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-22 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. | |||||
| CVE-2023-24159 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-22 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. | |||||
| CVE-2022-4286 | 1 Br-automation | 1 Automation Runtime | 2023-02-22 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. | |||||
| CVE-2022-38396 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 8 more | 2023-02-22 | N/A | 7.8 HIGH |
| HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. | |||||
| CVE-2023-24524 | 1 Sap | 1 S\/4hana | 2023-02-22 | N/A | 6.5 MEDIUM |
| SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. | |||||
| CVE-2023-24528 | 1 Sap | 1 Fiori | 2023-02-22 | N/A | 6.5 MEDIUM |
| SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. | |||||
| CVE-2022-43469 | 1 Orchestrated | 1 Corona Virus \(covid-19\) Banner \& Live Data | 2023-02-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions. | |||||
| CVE-2023-25066 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2023-02-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. | |||||
| CVE-2023-25758 | 1 Onekey | 4 Onekey Mini, Onekey Mini Firmware, Onekey Touch and 1 more | 2023-02-22 | N/A | 4.2 MEDIUM |
| Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected." | |||||
| CVE-2015-2906 | 1 Mobile Devices | 1 C4 Obd-ii Dongle Firmware | 2023-02-22 | 9.0 HIGH | N/A |
| Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. | |||||
| CVE-2022-35868 | 1 Siemens | 2 Tia Multiuser Server, Tia Project-server | 2023-02-22 | N/A | 7.3 HIGH |
| A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | |||||
| CVE-2022-31808 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2022-47977 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-47936 | 1 Siemens | 3 Jt Open Toolkit, Jt Utilities, Parasolid | 2023-02-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-42292 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2023-02-22 | N/A | 7.8 HIGH |
| NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | |||||
| CVE-2022-42783 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-22 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||