• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-22842
Big-ip Fraud Protection Service, F5
Big-ip_b2250_firmware, Big-ip_b2250, Big-ip_b4300_firmware, Big-ip_b4300, Big-ip_b4340n_firmware, Big-ip_b4340n, Big-ip_b4450n_firmware, Big-ip_b4450n, Big-ip_10000s_firmware, Big-ip_10000s
2023-02-09
N/A
7.5 HIGH
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-22839
Big-ip 10200v-ssl, F5
Big-ip_b2250_firmware, Big-ip_b2250, Big-ip_b4300_firmware, Big-ip_b4300, Big-ip_b4340n_firmware, Big-ip_b4340n, Big-ip_b4450n_firmware, Big-ip_b4450n, Big-ip_10000s_firmware, Big-ip_10000s
2023-02-10
N/A
7.5 HIGH
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-22832
2023-02-17
N/A
7.5 HIGH
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
CVE-2023-22809
Fedora, Fedoraproject
389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux
2023-02-05
N/A
7.8 HIGH
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2023-22807
2023-02-24
N/A
9.8 CRITICAL
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.
CVE-2023-22806
2023-02-24
N/A
7.5 HIGH
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.
CVE-2023-22805
2023-02-24
N/A
4.3 MEDIUM
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
CVE-2023-22804
2023-02-24
N/A
9.8 CRITICAL
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.
CVE-2023-22803
2023-02-24
N/A
7.5 HIGH
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.
CVE-2023-22799
Globalid, Rubyonrails
Actionpack, Actionpack_page-caching, Actionview, Active_job, Active_record_session_store, Active_resource, Active_storage, Globalid, Html_sanitizer, Jquery-rails
2023-02-16
N/A
7.5 HIGH
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
« Previous 1 … 11,146 11,147 11,148 11,149 11,150 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE