Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4285 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Binutils, Enterprise Linux | 2023-02-07 | N/A | 5.5 MEDIUM |
| An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | |||||
| CVE-2022-32519 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-32518 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-32520 | 1 Schneider-electric | 1 Data Center Expert | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2023-0572 | 1 Froxlor | 1 Froxlor | 2023-02-07 | N/A | 5.3 MEDIUM |
| Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2022-32517 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 6.5 MEDIUM |
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2022-32515 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 9.8 CRITICAL |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2023-23629 | 1 Metabase | 1 Metabase | 2023-02-07 | N/A | 6.3 MEDIUM |
| Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround. | |||||
| CVE-2023-0452 | 1 Econolite | 1 Eos | 2023-02-07 | N/A | 5.3 MEDIUM |
| All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians. | |||||
| CVE-2023-24612 | 1 Pdfbook Project | 1 Pdfbook | 2023-02-07 | N/A | 9.8 CRITICAL |
| The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | |||||
| CVE-2022-44717 | 1 Netscout | 1 Ngeniusone | 2023-02-07 | N/A | 3.1 LOW |
| An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | |||||
| CVE-2021-3629 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more | 2023-02-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | |||||
| CVE-2022-48303 | 1 Gnu | 1 Tar | 2023-02-07 | N/A | 7.8 HIGH |
| GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | |||||
| CVE-2022-25936 | 1 Servst Project | 1 Servst | 2023-02-07 | N/A | 7.5 HIGH |
| Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | |||||
| CVE-2022-25967 | 1 Eta.js | 1 Eta | 2023-02-07 | N/A | 8.8 HIGH |
| Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. | |||||
| CVE-2023-0550 | 1 Thingsforrestaurants | 1 Quick Restaurant Menu | 2023-02-07 | N/A | 4.3 MEDIUM |
| The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts. | |||||
| CVE-2023-24060 | 1 Havenweb | 1 Haven | 2023-02-07 | N/A | 5.0 MEDIUM |
| Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[url]= Feeds functionality. Authenticated users with the ability to create new RSS Feeds or add RSS Feeds can supply an arbitrary hostname (or even the hostname of the Haven server itself). NOTE: this product has significant usage but does not have numbered releases; ordinary end users may typically use the master branch. | |||||
| CVE-2023-24163 | 1 Hutool | 1 Hutool | 2023-02-07 | N/A | 9.8 CRITICAL |
| SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine. | |||||
| CVE-2023-0553 | 1 Thingsforrestaurants | 1 Quick Restaurant Menu | 2023-02-07 | N/A | 4.8 MEDIUM |
| The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-24622 | 1 Includesecurity | 1 Safeurl-python | 2023-02-07 | N/A | 5.3 MEDIUM |
| isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. | |||||