• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-22643
Libzypp-plugin-appdata, Opensuse
Leap, Libzypp, Rmt-server, Autoyast2, Cryptctl, Osc, Factory, Munge, Munin, Pcp
2023-02-14
N/A
7.8 HIGH
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
CVE-2023-22638
2023-02-16
N/A
N/A
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
CVE-2023-22630
2023-02-02
N/A
4.3 MEDIUM
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.
CVE-2023-22629
2023-02-23
N/A
8.8 HIGH
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
CVE-2023-22626
2023-01-11
N/A
7.5 HIGH
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
CVE-2023-22624
2023-01-23
N/A
7.5 HIGH
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.
CVE-2023-22622
2023-02-02
N/A
5.3 MEDIUM
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits.
CVE-2023-22617
2023-01-31
N/A
7.5 HIGH
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.
CVE-2023-22611
2023-02-07
N/A
7.5 HIGH
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
CVE-2023-22610
2023-02-07
N/A
7.5 HIGH
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
« Previous 1 … 11,150 11,151 11,152 11,153 11,154 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE