Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0571 | 1 Canteen Management System Project | 1 Canteen Management System | 2023-02-07 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0591 | 1 Ubi Reader Project | 1 Ubi Reader | 2023-02-07 | N/A | 5.5 MEDIUM |
| ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5. | |||||
| CVE-2023-0570 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2023-02-07 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability. | |||||
| CVE-2023-23950 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-02-07 | N/A | 6.1 MEDIUM |
| User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. | |||||
| CVE-2023-23951 | 1 Broadcom | 2 Symantec Identity Governance And Administration, Symantec Identity Manager | 2023-02-07 | N/A | 6.1 MEDIUM |
| Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application | |||||
| CVE-2022-25979 | 1 Jsuites | 1 Jsuites | 2023-02-07 | N/A | 6.1 MEDIUM |
| Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. | |||||
| CVE-2022-39059 | 1 Changingtec | 1 Megaservisignadapter | 2023-02-07 | N/A | 7.5 HIGH |
| ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | |||||
| CVE-2022-39060 | 1 Changingtec | 1 Megaservisignadapter | 2023-02-07 | N/A | 9.8 CRITICAL |
| ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | |||||
| CVE-2022-2988 | 1 Schneider-electric | 2 Ecostruxure Machine Expert - Hvac, Somachine Hvac | 2023-02-07 | N/A | 7.5 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0) | |||||
| CVE-2023-24065 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2023-02-07 | N/A | 5.4 MEDIUM |
| NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | |||||
| CVE-2022-4496 | 1 Miniorange | 1 Saml Sp Single Sign On | 2023-02-07 | N/A | 6.1 MEDIUM |
| The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. | |||||
| CVE-2023-0455 | 1 Bumsys Project | 1 Bumsys | 2023-02-07 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. | |||||
| CVE-2023-0488 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2023-02-07 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. | |||||
| CVE-2023-0565 | 1 Froxlor | 1 Froxlor | 2023-02-07 | N/A | 4.9 MEDIUM |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2022-27233 | 1 Intel | 1 Quartus Prime | 2023-02-07 | N/A | 7.5 HIGH |
| XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2023-0509 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2023-02-07 | N/A | 7.4 HIGH |
| Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. | |||||
| CVE-2022-25881 | 1 Http-cache-semantics Project | 1 Http-cache-semantics | 2023-02-07 | N/A | 7.5 HIGH |
| This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. | |||||
| CVE-2023-22333 | 1 Mubag | 1 Easymail | 2023-02-07 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
| CVE-2022-44645 | 1 Apache | 1 Linkis | 2023-02-07 | N/A | 8.8 HIGH |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1. | |||||
| CVE-2022-46357 | 1 Hp | 1 Security Manager | 2023-02-07 | N/A | 8.8 HIGH |
| Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||