Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24351 | 2 D-link, Dlink | 2 Dir-605l, Dir-605l Firmware | 2023-02-21 | N/A | 9.8 CRITICAL |
| D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. | |||||
| CVE-2023-21422 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
| CVE-2023-21421 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 7.8 HIGH |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | |||||
| CVE-2022-38777 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2023-02-21 | N/A | 7.8 HIGH |
| An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||
| CVE-2022-45104 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2023-02-21 | N/A | 8.8 HIGH |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system. | |||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-21 | N/A | 4.8 MEDIUM |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | |||||
| CVE-2022-34450 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-21 | N/A | 6.7 MEDIUM |
| PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. | |||||
| CVE-2022-34449 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-21 | N/A | 6.0 MEDIUM |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application. | |||||
| CVE-2023-22797 | 2 Actionpack Project, Rubyonrails | 2 Actionpack, Rails | 2023-02-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. | |||||
| CVE-2023-21442 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. | |||||
| CVE-2021-3439 | 1 Hp | 754 200 G3 All-in-one \(rom Family Ssid 8431\), 200 G3 All-in-one \(rom Family Ssid 8431\) Firmware, 200 G3 All-in-one \(rom Family Ssid 84de\) and 751 more | 2023-02-21 | N/A | 7.8 HIGH |
| HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. | |||||
| CVE-2022-34448 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-21 | N/A | 8.8 HIGH |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. | |||||
| CVE-2022-34447 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-21 | N/A | 7.2 HIGH |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. | |||||
| CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2023-02-21 | N/A | 7.8 HIGH |
| Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. | |||||
| CVE-2021-32861 | 2023-02-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-32856. Reason: This candidate is a reservation duplicate of CVE-2021-32856. Notes: All CVE users should reference CVE-2021-32856 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-4898 | 1 Octopus | 1 Octopus Server | 2023-02-21 | N/A | 5.4 MEDIUM |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS | |||||
| CVE-2022-45770 | 1 Adguard | 1 Adguard | 2023-02-21 | N/A | 7.8 HIGH |
| Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows attacker to gain local privileges escalation. | |||||
| CVE-2022-4486 | 1 Meteor Slides Project | 1 Meteor Slides | 2023-02-20 | N/A | 5.4 MEDIUM |
| The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4010 | 1 Webdevocean | 1 Image Hover Effects | 2023-02-20 | N/A | 4.8 MEDIUM |
| The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2020-12403 | 1 Mozilla | 1 Nss | 2023-02-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. | |||||