Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | |||||
| CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | |||||
| CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | |||||
| CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2023-02-17 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | |||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2023-02-17 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | |||||
| CVE-2023-23626 | 1 Protocol | 1 Go-bitfield | 2023-02-17 | N/A | 7.5 HIGH |
| go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happen when the `size` is a not a multiple of `8` or is negative. There were already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`. | |||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2023-02-17 | N/A | 2.7 LOW |
| PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. | |||||
| CVE-2023-23631 | 1 Protocol | 1 Go-unixfsnode | 2023-02-17 | N/A | 7.5 HIGH |
| github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-42439 | 3 Ibm, Linux, Microsoft | 4 Aix, App Connect Enterprise, Linux Kernel and 1 more | 2023-02-17 | N/A | 4.9 MEDIUM |
| IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. | |||||
| CVE-2022-31259 | 1 Beego | 1 Beego | 2023-02-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). | |||||
| CVE-2023-23625 | 1 Protocol | 1 Go-unixfs | 2023-02-17 | N/A | 7.5 HIGH |
| go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. | |||||
| CVE-2022-34454 | 1 Dell | 1 Emc Powerscale Onefs | 2023-02-17 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. | |||||
| CVE-2022-45699 | 1 Apsystems | 2 Ecu-r, Ecu-r Firmware | 2023-02-17 | N/A | 9.8 CRITICAL |
| Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | |||||
| CVE-2022-21940 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2023-02-17 | N/A | 6.1 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | |||||
| CVE-2022-44570 | 1 Rack Project | 1 Rack | 2023-02-17 | N/A | 7.5 HIGH |
| A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. | |||||
| CVE-2023-23592 | 1 Wallix | 1 Bastion Access Manager | 2023-02-17 | N/A | 7.5 HIGH |
| WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. | |||||
| CVE-2022-3484 | 1 Wpb Show Core Project | 1 Wpb Show Core | 2023-02-17 | N/A | 6.1 MEDIUM |
| The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2023-21450 | 1 Samsung | 1 One Hand Operation \+ | 2023-02-17 | N/A | 2.1 LOW |
| Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | |||||
| CVE-2023-21448 | 1 Samsung | 1 Cloud | 2023-02-17 | N/A | 3.3 LOW |
| Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. | |||||
| CVE-2023-21447 | 1 Samsung | 1 Cloud | 2023-02-17 | N/A | 3.3 LOW |
| Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | |||||