Vulnerabilities (CVE)

Total 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-36653 | 1 Geni | 1 Geni-portal | 2023-01-25 | N/A | 6.1 MEDIUM
A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability.
CVE-2015-10068 | 1 Movify-j Project | 1 Movify-j | 2023-01-25 | N/A | 9.8 CRITICAL
A vulnerability classified as critical was found in danynab movify-j. This vulnerability affects the function getByMovieId of the file app/business/impl/ReviewServiceImpl.java. The manipulation of the argument movieId/username leads to sql injection. The name of the patch is c3085e01936a4d7eff1eda3093f25d56cc4d2ec5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218476.
CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2023-01-25 | N/A | 9.8 CRITICAL
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2023-01-25 | N/A | 6.5 MEDIUM
An unauthorized user could alter or write files with full control over the path and content of the file.
CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2023-01-25 | N/A | 8.1 HIGH
An unauthorized user could possibly delete any file on the system.
CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2023-01-25 | N/A | 6.5 MEDIUM
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
CVE-2015-10020 | 1 Cis450project Project | 1 Cis450project | 2023-01-25 | N/A | 9.8 CRITICAL
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380.
CVE-2023-22499 | 1 Deno | 1 Deno | 2023-01-25 | N/A | 7.5 HIGH
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof the interactive permission prompt by rewriting the prompt to suggest that the program is waiting on user confirmation for an unrelated action. A malicious program could clear the terminal screen after the permission prompt was shown and write a generic message. This situation impacts users who use the Web Worker API and relied on the interactive permission prompt. The reproduction is very timing sensitive and can’t be reliably reproduced on every try. This problem cannot be exploited on systems that do not attach an interactive prompt (for example headless servers). The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version. Users are advised to upgrade. Users unable to upgrade may run with the --no-prompt flag to disable interactive permission prompts.
CVE-2022-3650 | 1 Redhat | 1 Ceph | 2023-01-25 | N/A | 7.8 HIGH
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
CVE-2022-4484 | 1 Heateor | 1 Super Socializer | 2023-01-25 | N/A | 5.4 MEDIUM
The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2023-01-25 | N/A | 7.5 HIGH
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
CVE-2017-20167 | 1 Minichan | 1 Minichan | 2023-01-25 | N/A | 6.1 MEDIUM
A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability.
CVE-2022-4891 | 1 Libsisimai | 1 Sisimai | 2023-01-25 | N/A | 7.5 HIGH
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.
CVE-2023-22875 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2023-01-25 | N/A | 7.5 HIGH
IBM QRadar SIEM 7.4 and 7.5 copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
CVE-2022-4508 | 1 Convertkit | 1 Convertkit - Email Marketing\, Email Newsletter And Landing Pages | 2023-01-25 | N/A | 5.4 MEDIUM
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.
CVE-2022-4507 | 1 Devowl | 1 Wordpress Real Cookie Banner | 2023-01-25 | N/A | 5.4 MEDIUM
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
CVE-2022-30544 | 1 Hyumika | 1 Openstreetmap | 2023-01-25 | N/A | 8.8 HIGH
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions.
CVE-2023-0305 | 1 Online Food Ordering System V2 Project | 1 Online Food Ordering System V2 | 2023-01-25 | N/A | 7.5 HIGH
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.
CVE-2022-23511 | 2 Amazon, Microsoft | 2 Cloudwatch Agent, Windows | 2023-01-25 | N/A | 6.8 MEDIUM
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they're able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended workaround. Affected users must update the installed version of the CloudWatch Agent to address this issue.
CVE-2022-45440 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2023-01-25 | N/A | 4.4 MEDIUM
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device.