Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0174 | 1 Rextheme | 1 Wp Vr | 2023-02-14 | N/A | 5.4 MEDIUM |
| The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0173 | 1 Getwpfunnels | 1 Drag \& Drop Sales Funnel Builder | 2023-02-14 | N/A | 5.4 MEDIUM |
| The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0171 | 1 Twinpictures | 1 Jquery T\(-\) Countdown Widget | 2023-02-14 | N/A | 5.4 MEDIUM |
| The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-23620 | 1 Discourse | 1 Discourse | 2023-02-14 | N/A | 5.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-40135 | 1 Lenovo | 269 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 266 more | 2023-02-14 | N/A | 4.4 MEDIUM |
| An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | |||||
| CVE-2023-0170 | 1 Bplugins | 1 Html5 Audio Player | 2023-02-14 | N/A | 5.4 MEDIUM |
| The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2023-02-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | |||||
| CVE-2021-41617 | 5 Fedoraproject, Netapp, Openbsd and 2 more | 14 Fedora, Active Iq Unified Manager, Aff 500f and 11 more | 2023-02-14 | 4.4 MEDIUM | 7.0 HIGH |
| sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | |||||
| CVE-2023-0147 | 1 Flexible Captcha Project | 1 Flexible Captcha | 2023-02-14 | N/A | 5.4 MEDIUM |
| The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0154 | 1 Gamipress | 1 Gamipress | 2023-02-14 | N/A | 5.4 MEDIUM |
| The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0153 | 1 Vimeo Video Autoplay Automute Project | 1 Vimeo Video Autoplay Automute | 2023-02-14 | N/A | 5.4 MEDIUM |
| The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0149 | 1 Wordprezi Project | 1 Wordprezi | 2023-02-14 | N/A | 5.4 MEDIUM |
| The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0148 | 1 Vilyon | 1 Gallery Factory Lite | 2023-02-14 | N/A | 5.4 MEDIUM |
| The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-40897 | 1 Python | 1 Setuptools | 2023-02-14 | N/A | 5.9 MEDIUM |
| Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | |||||
| CVE-2022-3239 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 7.8 HIGH |
| A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2022-2977 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | |||||
| CVE-2022-39189 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 7.8 HIGH |
| An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | |||||
| CVE-2022-1729 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 7.0 HIGH |
| A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | |||||
| CVE-2022-3028 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2023-02-14 | N/A | 7.0 HIGH |
| A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | |||||
| CVE-2022-1976 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. | |||||