Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0646 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | |||||
| CVE-2021-36489 | 1 Liballeg | 1 Allegro | 2023-02-09 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. | |||||
| CVE-2023-0650 | 1 Yetanotherforum | 1 Yaf.net | 2023-02-09 | N/A | 5.4 MEDIUM |
| A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | |||||
| CVE-2021-36444 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page. | |||||
| CVE-2021-36443 | 1 Txjia | 1 Imcat | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | |||||
| CVE-2022-3913 | 1 Rapid7 | 1 Nexpose | 2023-02-09 | N/A | 5.3 MEDIUM |
| Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. | |||||
| CVE-2022-30904 | 1 Bestechnic | 2 Bes2300, Bluetooth Mesh Software Development Kit | 2023-02-09 | N/A | 8.8 HIGH |
| In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. | |||||
| CVE-2021-36535 | 1 Cesanta | 1 Mjs | 2023-02-09 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | |||||
| CVE-2022-37033 | 1 Dotcms | 1 Dotcms | 2023-02-09 | N/A | 6.5 MEDIUM |
| In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. | |||||
| CVE-2023-0647 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-36493 | 1 Xpdfreader | 1 Xpdf | 2023-02-09 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | |||||
| CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2023-02-09 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
| CVE-2023-0649 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | |||||
| CVE-2023-0648 | 1 Dst-admin Project | 1 Dst-admin | 2023-02-09 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | |||||
| CVE-2022-46604 | 1 Tecrail | 1 Responsive Filemanager | 2023-02-09 | N/A | 8.8 HIGH |
| An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | |||||
| CVE-2022-47966 | 1 Zohocorp | 23 Application Control Plus, Manageengine Access Manager Plus, Manageengine Ad360 and 20 more | 2023-02-09 | N/A | 9.8 CRITICAL |
| Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. | |||||
| CVE-2023-21747 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2023-02-09 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | |||||
| CVE-2022-37034 | 1 Dotcms | 1 Dotcms | 2023-02-09 | N/A | 5.3 MEDIUM |
| In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | |||||
| CVE-2021-36570 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---. | |||||
| CVE-2021-36569 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-02-09 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | |||||