CVE Vulnerability

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0054
Vim
Gvim, Netrw, Tar.vim, Zipplugin.vim
2023-01-11
N/A
7.8 HIGH
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
CVE-2023-0052
Modunet300 Ey-am300f002 Firmware, Sauter-controls
Bacnetstac, Case_suite, Modunet300_ey-am300f001, Modunet300_ey-am300f001_firmware, Modunet300_ey-am300f002, Modunet300_ey-am300f002_firmware, Moduweb_firmware, Moduweb_vision, Nova_106_eyk300f001, Nova_106_eyk300f001_firmware
2023-02-02
N/A
8.8 HIGH
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
CVE-2023-0051
Vim
Gvim, Netrw, Tar.vim, Zipplugin.vim
2023-01-10
N/A
7.8 HIGH
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
CVE-2023-0049
Fedoraproject, Vim
389_administration_server, 389_directory_server, Anaconda, Arm_installer, Atomic, Commons, Coolkey, Crypto-utils, Dracut, Extra_packages_for_enterprise_linux, Gvim, Netrw, Tar.vim, Zipplugin.vim
2023-01-12
N/A
7.8 HIGH
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
CVE-2023-0048
Daloradius
2023-01-10
N/A
8.8 HIGH
Code Injection in GitHub repository lirantal/daloradius prior to master-branch.
CVE-2023-0047
2023-01-27
N/A
N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none.
CVE-2023-0046
Daloradius
2023-01-10
N/A
7.2 HIGH
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.
CVE-2023-0042
Gitlab
Dast_api_scanner, Gitaly, Gitlab_runner, Gitlab-shell, Gitlab-vscode-extension, Omnibus, Runner, Dynamic_application_security_testing_analyzer
2023-01-20
N/A
6.1 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2023-0040
Asynchttpclient Project
Async-http-client
2023-01-26
N/A
7.5 HIGH
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header field values without prior sanitisation. Common use-cases here might be to place usernames from a database into HTTP header fields. This vulnerability allows attackers to inject new HTTP header fields, or entirely new requests, into the data stream. This can cause requests to be understood very differently by the remote server than was intended. In general, this is unlikely to result in data disclosure, but it can result in a number of logical errors and other misbehaviours.
CVE-2023-0039
Odude, User Post Gallery
Flexi, User_post_gallery
2023-01-10
N/A
9.8 CRITICAL
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE