CVE-2023-22xxx

There are 751 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-22000 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
CVE-2023-22001 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
CVE-2023-22002 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
CVE-2023-22003 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versi...
CVE-2023-22004 Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: R...
S
CVE-2023-22005 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
CVE-2023-22006 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22007 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
CVE-2023-22008 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
CVE-2023-22009 Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (compone...
S
CVE-2023-22010 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that...
S
CVE-2023-22011 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22012 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22013 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22014 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port...
S
CVE-2023-22015 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
CVE-2023-22016 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22017 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22018 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22019 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener...
S
CVE-2023-22020 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22021 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22022 Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Hea...
S
CVE-2023-22023 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). ...
S
CVE-2023-22024 In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS...
CVE-2023-22025 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, prod...
S
CVE-2023-22026 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22027 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22028 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22029 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench)...
S
CVE-2023-22031 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22032 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22033 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
CVE-2023-22034 Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are...
S
CVE-2023-22035 Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module)...
S
CVE-2023-22036 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22037 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (...
S
CVE-2023-22038 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges)....
CVE-2023-22039 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The s...
S
CVE-2023-22040 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22041 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22042 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Di...
S
CVE-2023-22043 Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Ora...
S
CVE-2023-22044 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22045 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22046 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
CVE-2023-22047 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port...
S
CVE-2023-22048 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supp...
CVE-2023-22049 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK produ...
S
CVE-2023-22050 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: ...
S
CVE-2023-22051 Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Jav...
S
CVE-2023-22052 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec...
S
CVE-2023-22053 Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported v...
CVE-2023-22054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
CVE-2023-22055 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run...
S
CVE-2023-22056 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
CVE-2023-22057 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Support...
CVE-2023-22058 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versi...
CVE-2023-22059 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22060 Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visuali...
S
CVE-2023-22061 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22062 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repo...
S
CVE-2023-22064 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22065 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22066 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2023-22067 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co...
S
CVE-2023-22068 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
CVE-2023-22069 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22070 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22071 Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affect...
S
CVE-2023-22072 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22073 Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported vers...
S
CVE-2023-22074 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versio...
E S
CVE-2023-22075 Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versio...
S
CVE-2023-22076 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe...
S
CVE-2023-22077 Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supporte...
S
CVE-2023-22078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
CVE-2023-22079 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22080 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA ...
S
CVE-2023-22081 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ...
S
CVE-2023-22082 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22083 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (c...
S
CVE-2023-22084 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2023-22085 Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Application...
S
CVE-2023-22086 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22087 Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Application...
S
CVE-2023-22088 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat...
S
CVE-2023-22089 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22090 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof...
S
CVE-2023-22091 Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Jav...
S
CVE-2023-22092 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22093 Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition ...
S
CVE-2023-22094 Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Suppo...
S
CVE-2023-22095 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supp...
S
CVE-2023-22096 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec...
S
CVE-2023-22097 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2023-22098 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22099 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22100 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo...
S
CVE-2023-22101 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22102 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported v...
S
CVE-2023-22103 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22104 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
CVE-2023-22105 Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported ve...
S
CVE-2023-22106 Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (...
S
CVE-2023-22107 Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (...
S
CVE-2023-22108 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...
S
CVE-2023-22109 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (co...
S
CVE-2023-22110 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22111 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versi...
S
CVE-2023-22112 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported...
S
CVE-2023-22113 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption)....
CVE-2023-22114 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t...
S
CVE-2023-22115 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi...
S
CVE-2023-22117 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applicat...
S
CVE-2023-22118 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applicat...
S
CVE-2023-22119 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applicat...
S
CVE-2023-22121 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ...
S
CVE-2023-22122 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ...
S
CVE-2023-22123 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ...
S
CVE-2023-22124 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ...
S
CVE-2023-22125 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications ...
S
CVE-2023-22126 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Conten...
S
CVE-2023-22127 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Co...
S
CVE-2023-22128 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported ve...
S
CVE-2023-22129 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported v...
S
CVE-2023-22130 Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The su...
S
CVE-2023-22139 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2023-22226 Adobe Bridge SVG file Stack-based Buffer Overflow Arbitrary code execution
CVE-2023-22227 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22228 Adobe Bridge Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-22229 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22230 Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22231 Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-22232 Adobe Connect Improper Access Control Security feature bypass
CVE-2023-22233 Adobe After Effects Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-22234 Adobe Premiere Rush PSD file Stack-based Buffer Overflow Arbitrary code execution
CVE-2023-22235 Adobe InCopy SVG file Use After Free Arbitrary code execution
CVE-2023-22236 Adobe Animate Heap-based Buffer Overflow Arbitrary code execution
CVE-2023-22237 Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22238 Adobe After Effects Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22239 Adobe After Effects Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-22240 ZDI-CAN-19517: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22241 ZDI-CAN-19516: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22242 ZDI-CAN-19515: Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-22243 Adobe Animate SVG file Stack-based Buffer Overflow Arbitrary code execution
CVE-2023-22244 Adobe Premiere Rush PSD files Use After Free Arbitrary code execution
CVE-2023-22246 Adobe Animate FLA files Use After Free Arbitrary code execution
CVE-2023-22247 Adobe Commerce XML Injection Arbitrary file system read
CVE-2023-22248 Adobe Commerce Incorrect Authorization Security feature bypass
CVE-2023-22249 Adobe Commerce Stored XSS Arbitrary code execution
CVE-2023-22250 Adobe Commerce Improper Access Control Security feature bypass
CVE-2023-22251 Adobe Commerce Incorrect Authorization Security feature bypass
CVE-2023-22252 AEM Reflected XSS Arbitrary code execution
CVE-2023-22253 AEM Reflected XSS Arbitrary code execution
CVE-2023-22254 AEM Reflected XSS Arbitrary code execution
CVE-2023-22256 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22257 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22258 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22259 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22260 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22261 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22262 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22263 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22264 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22265 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22266 AEM URL Redirection to Untrusted Site Security feature bypass
CVE-2023-22268 ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability
CVE-2023-22269 AEM Reflected XSS Arbitrary code execution
CVE-2023-22271 AEM Weak Cryptography for Passwords Security feature bypass
CVE-2023-22272 ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-22274 ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
CVE-2023-22275 ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
CVE-2023-22276 Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before ve...
CVE-2023-22277 Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a s...
CVE-2023-22278 m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows...
CVE-2023-22279 MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prio...
CVE-2023-22280 MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prio...
CVE-2023-22281 BIG-IP AFM vulnerability
CVE-2023-22282 WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registere...
CVE-2023-22283 BIG-IP Edge Client for Windows vulnerability
CVE-2023-22284 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-22285 Improper access control for some Intel Unison software may allow an unauthenticated user to potentia...
CVE-2023-22286 Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to ...
CVE-2023-22287 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-22288 Email HTML Injection
CVE-2023-22290 Uncaught exception for some Intel Unison software may allow an authenticated user to potentially ena...
CVE-2023-22291 An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1...
E
CVE-2023-22292 Uncaught exception for some Intel Unison software may allow an authenticated user to potentially ena...
CVE-2023-22293 Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authent...
CVE-2023-22294 Privilege escalation in Checkmk Appliance
M
CVE-2023-22295 CVE-2023-22295
S
CVE-2023-22296 Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lit...
CVE-2023-22297 Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before vers...
S
CVE-2023-22298 Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated att...
S
CVE-2023-22299 An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesig...
E
CVE-2023-22300 CVE-2023-22300
CVE-2023-22301 The kernel subsystem hmdfs has an arbitrary memory access vulnerability.
CVE-2023-22302 BIG-IP HTTP profile vulnerability
CVE-2023-22303 TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authenticati...
CVE-2023-22304 OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_E...
CVE-2023-22305 Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated...
CVE-2023-22306 An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesi...
E
CVE-2023-22307 Site-Passwords in GET parameters
CVE-2023-22308 An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther...
E
CVE-2023-22309 Reflected Cross Site Scripting (XSS)
CVE-2023-22310 Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated u...
CVE-2023-22311 Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before versi...
CVE-2023-22312 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potential...
S
CVE-2023-22313 Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow ...
S
CVE-2023-22314 Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a s...
CVE-2023-22315 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN...
S
CVE-2023-22316 Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_E...
CVE-2023-22317 Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a s...
CVE-2023-22318 Denial of service against webconf
M
CVE-2023-22319 A SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight ...
E
CVE-2023-22320 OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improp...
CVE-2023-22321 Datakit CrossCAD/Ware
S
CVE-2023-22322 Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion ...
CVE-2023-22323 BIG-IP SSL OCSP Authentication profile vulnerability
CVE-2023-22324 SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote ...
S
CVE-2023-22325 A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of S...
E S
CVE-2023-22326 iControl REST and tmsh vulnerability
CVE-2023-22327 Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a pri...
S
CVE-2023-22329 Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticat...
CVE-2023-22330 Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to pote...
S
CVE-2023-22331 Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows ...
S
CVE-2023-22332 Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4...
CVE-2023-22333 Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated ...
CVE-2023-22334 Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (C...
S
CVE-2023-22335 Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent V...
CVE-2023-22336 Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 ...
CVE-2023-22337 Improper input validation for some Intel Unison software may allow an unauthenticated user to potent...
CVE-2023-22338 Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authentic...
CVE-2023-22339 Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a r...
S
CVE-2023-22340 BIG-IP SIP profile vulnerability
CVE-2023-22341 BIG-IP APM OAuth vulnerability
CVE-2023-22342 Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88...
CVE-2023-22344 Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud A...
CVE-2023-22345 Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier ...
S
CVE-2023-22346 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier b...
S
CVE-2023-22347 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier b...
S
CVE-2023-22348 Reading host_configs does not honour contact groups
CVE-2023-22349 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier b...
S
CVE-2023-22350 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier b...
S
CVE-2023-22351 Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to pot...
CVE-2023-22353 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier b...
S
CVE-2023-22354 Datakit CrossCAD/Ware
S
CVE-2023-22355 Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before ve...
CVE-2023-22356 Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentiall...
S
CVE-2023-22357 Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is no...
CVE-2023-22358 BIG-IP Edge Client for Windows vulnerability
CVE-2023-22359 User-enumeration in RestAPI
CVE-2023-22360 Use-after-free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due ...
S
CVE-2023-22361 Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier...
CVE-2023-22362 SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attack...
CVE-2023-22363 Access Zone stack overflow
CVE-2023-22365 An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of...
CVE-2023-22366 CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a ...
CVE-2023-22367 Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 impr...
CVE-2023-22368 Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 an...
S
CVE-2023-22369 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-25011. Reason: This candidat...
R
CVE-2023-22370 Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G al...
CVE-2023-22371 An OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of ...
E
CVE-2023-22372 BIG-IP Edge Client for Windows and Mac OS vulnerability
CVE-2023-22373 Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remo...
S
CVE-2023-22374 iControl SOAP vulnerability
CVE-2023-22375 Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV...
CVE-2023-22376 Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G...
CVE-2023-22377 Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Defin...
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
S
CVE-2023-22379 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a...
S
CVE-2023-22380 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site
CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions
CVE-2023-22382 Improper Input Validation in Automotive
CVE-2023-22383 Use After Free in Camera
S
CVE-2023-22384 Buffer Copy Without Checking Size of Input in VR Service
CVE-2023-22385 Buffer Over-read in Data Modem
CVE-2023-22386 Buffer Copy Without Checking Size of Input in WLAN HOST
S
CVE-2023-22387 Use of Out-of-range Pointer Offset in Qualcomm IPC
S
CVE-2023-22388 Use of Out-of-range Pointer Offset in Multi-mode Call Processor
CVE-2023-22389 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when ...
S
CVE-2023-22390 Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version...
CVE-2023-22391 Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS)
S
CVE-2023-22392 Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak
S
CVE-2023-22393 Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop
S
CVE-2023-22394 Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls
S
CVE-2023-22395 Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity
S
CVE-2023-22396 Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS)
S
CVE-2023-22397 Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service
S
CVE-2023-22398 Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs
S
CVE-2023-22399 Junos OS: QFX10K Series: PFE crash upon receipt of specific genuine packets when sFlow is enabled
S
CVE-2023-22400 Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash
S
CVE-2023-22401 Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash
S
CVE-2023-22402 Junos OS Evolved: The kernel might restart in a BGP scenario where "bgp auto-discovery" is enabled and such a neighbor flaps
S
CVE-2023-22403 Junos OS: QFX10K Series: An ICCP flap will be observed due to excessive specific traffic
S
CVE-2023-22404 Junos OS: SRX Series and MX Series with SPC3: When IPsec VPN is configured iked will core when a specifically formatted payload is received
S
CVE-2023-22405 Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot
S
CVE-2023-22406 Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF
S
CVE-2023-22407 Junos OS and Junos OS Evolved: An RPD crash can happen due to an MPLS TE tunnel configuration change on a directly connected router
S
CVE-2023-22408 Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash
S
CVE-2023-22409 Junos OS: SRX Series, MX Series with SPC3: When an inconsistent NAT configuration exists and a specific CLI command is issued the SPC will reboot
S
CVE-2023-22410 Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak.
E S
CVE-2023-22411 Junos OS: SRX Series: The flow processing daemon (flowd) will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device
S
CVE-2023-22412 Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if the SIP ALG is enabled and specific SIP messages are processed
S
CVE-2023-22413 Junos OS: MX Series: The Multiservices PIC Management Daemon (mspmand) will crash when an IPsec6 tunnel processes specific IPv4 packets
S
CVE-2023-22414 Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed
S
CVE-2023-22415 Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received
E S
CVE-2023-22416 Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received
S
CVE-2023-22417 Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash
S
CVE-2023-22418 BIG-IP APM virtual server vulnerability
CVE-2023-22419 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Pr...
CVE-2023-22421 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Pr...
CVE-2023-22422 HTTP profile vulnerability
CVE-2023-22424 Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Progra...
CVE-2023-22425 Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier vers...
E
CVE-2023-22427 Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earli...
E
CVE-2023-22428 Improper privilege validation in Command Centre Server allows authenticated operators to modify Div...
CVE-2023-22429 Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (A...
CVE-2023-22432 Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py...
CVE-2023-22435 Server bad parsing implementation - stack overflow in server::get_db_path_for_driver
CVE-2023-22436 The kernel subsystem function check_permission_for_set_tokenid has an UAF vulnerability.
CVE-2023-22438 Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0....
S
CVE-2023-22439 Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 option...
CVE-2023-22440 Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all v...
CVE-2023-22441 Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may a...
CVE-2023-22442 Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privi...
S
CVE-2023-22443 Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileg...
S
CVE-2023-22444 Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit...
CVE-2023-22447 Insertion of sensitive information into log file in the Open CAS software for Linux maintained by In...
CVE-2023-22448 Improper access control for some Intel Unison software may allow a privileged user to potentially en...
CVE-2023-22449 Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentia...
S
CVE-2023-22450 In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability tha...
S
CVE-2023-22451 Weak password requirements in Kiwi TCMS
S
CVE-2023-22452 Improper Input Validation in kenny2automate
S
CVE-2023-22453 Discourse vulnerable to exposure of user post counts per topic to unauthorized users
S
CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
S
CVE-2023-22455 Discourse vulnerable to Cross-site Scripting through tag descriptions
S
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
S
CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery
E S
CVE-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service
S
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
S
CVE-2023-22461 sanitize-svg Filter Bypass Allows Cross-Site Scripting (XSS)
E S
CVE-2023-22462 Stored XSS in Grafana Text plugin
S
CVE-2023-22463 KubePi's Hardcoded Jwtsigkeys allows malicious actor to login with a forged JWT token
E S
CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
E M
CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers
E M
CVE-2023-22466 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
S
CVE-2023-22467 luxon.js inefficient regular expression complexity vulnerability
S
CVE-2023-22468 Discourse vulnerable to Cross-site Scripting in local oneboxes
CVE-2023-22469 Nextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cache
E S
CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption
S
CVE-2023-22471 Nextcloud Deck vulnerable to authorization bypass
S
CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link
S
CVE-2023-22473 Passcode bypass on Talk-Android app
E S
CVE-2023-22474 Parse Server is vulnerable to authentication bypass via spoofing
S
CVE-2023-22475 Cross-Site Scripting in Canarytoken history
S
CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users
E
CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions
E S
CVE-2023-22478 KubePi is vulnerable to missing authorization
S
CVE-2023-22479 KubePi vulnerable to session fixation attack
S
CVE-2023-22480 KubeOperator is vulnerable to unauthorized access to system API
S
CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS
E S
CVE-2023-22482 JWT audience claim is not verified
S
CVE-2023-22483 cmark-gfm Quadratic complexity bugs may lead to a denial of service
E
CVE-2023-22484 Inefficient Quadratic complexity bug in handle_pointy_brace may lead to a denial of service
E
CVE-2023-22485 cmark-gfm out-of-bounds read in validate_protocol
E
CVE-2023-22486 cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service
E
CVE-2023-22487 Post mentions can be used to read any post on the forum without access control
E S
CVE-2023-22488 Missing authorization in Flarum
S
CVE-2023-22489 Flarum is missing authorization in discussion replies
S
CVE-2023-22490 Git vulnerable to local clone-based data exfiltration with non-local transports
S
CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection
E
CVE-2023-22492 RefreshToken invalidation vulnerability
S
CVE-2023-22493 RSSHub is vulnerable to SSRF (Server-Side Request Forgery)
E S
CVE-2023-22494 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-20018. Reason: This candidat...
R
CVE-2023-22495 Izanami is vulnerable to Authorization Bypass
E
CVE-2023-22496 Netdata vulnerable to command injection
E M
CVE-2023-22497 Netdata is vulnerable to improper authentication
E M
CVE-2023-22498 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2023-22499 Interactive permission prompt spoofing in Deno
E S
CVE-2023-22500 glpi Unauthorized access to inventory files
CVE-2023-22501 An authentication vulnerability was discovered in Jira Service Management Server and Data Center whi...
CVE-2023-22502 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ...
R
CVE-2023-22503 Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to...
CVE-2023-22504 Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to...
CVE-2023-22505 This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced ...
S
CVE-2023-22506 This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 w...
S
CVE-2023-22507 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ...
R
CVE-2023-22508 This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced ...
S
CVE-2023-22510 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ...
R
CVE-2023-22512 This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluen...
CVE-2023-22513 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitb...
CVE-2023-22514 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sou...
CVE-2023-22515 Atlassian has been made aware of an issue reported by a handful of customers where external attacker...
KEV E
CVE-2023-22516 This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0...
CVE-2023-22518 All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Th...
KEV E M
CVE-2023-22520 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ...
R
CVE-2023-22521 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crow...
CVE-2023-22522 This Template Injection vulnerability allows an authenticated attacker, including one with anonymous...
CVE-2023-22523 This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Executio...
CVE-2023-22524 Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution v...
CVE-2023-22525 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ...
R
CVE-2023-22526 This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Con...
CVE-2023-22527 A template injection vulnerability on older versions of Confluence Data Center and Server allows an ...
KEV E
CVE-2023-22551 The FTP (aka "Implementation of a simple FTP client and server") project through 96c1a35 allows remo...
E
CVE-2023-22572 Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file v...
CVE-2023-22573 Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vu...
CVE-2023-22574 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file...
CVE-2023-22575 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file ...
CVE-2023-22576 Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerabilit...
CVE-2023-22577 White Rabbit Switch - Password Disclosure Vulnerability
M
CVE-2023-22578 Sequelize - Default support for “raw attributes” when using parentheses
CVE-2023-22579 Sequelize - Unsafe fall-through in getWhereConditions
CVE-2023-22580 Sequelize - Bad query filtering leading to SQL errors
CVE-2023-22581 White Rabbit Switch - Unauthenticated remote code execution
M
CVE-2023-22582 Reflected Cross-Site Scripting in Danfoss AK-EM100
M
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
M
CVE-2023-22584 Cleartext credentials in Danfoss AK-EM100
M
CVE-2023-22585 Reflected Cross-Site Scripting in Danfoss AK-EM100
M
CVE-2023-22586 Local File Inclusion in Danfoss AK-EM100
M
CVE-2023-22591 IBM Robotic Process Automation session fixation
CVE-2023-22592 IBM Robotic Process Automation for Cloud Pak insufficient permission settings
S
CVE-2023-22593 IBM Robotic Process Automation for Cloud Pak security configuration
S
CVE-2023-22594 IBM Robotic Process Automation for Cloud Pak cross-site scripting
S
CVE-2023-22595 IBM B2B Advanced Communication cross-site scripting
S
CVE-2023-22597 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
CVE-2023-22598 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
CVE-2023-22599 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
CVE-2023-22600 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
CVE-2023-22601 InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In...
CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request
CVE-2023-22603 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22604 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22605 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22606 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22607 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22608 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22609 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2023-22610 A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against ...
S
CVE-2023-22611 A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that coul...
S
CVE-2023-22612 An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious hos...
CVE-2023-22613 An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible ...
CVE-2023-22614 An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is i...
E
CVE-2023-22615 An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfuncti...
CVE-2023-22616 An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is ...
E
CVE-2023-22617 A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS que...
CVE-2023-22618 If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user ...
CVE-2023-22620 An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi al...
E
CVE-2023-22621 Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploite...
E
CVE-2023-22622 WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and th...
CVE-2023-22624 Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks....
CVE-2023-22626 PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present i...
E
CVE-2023-22629 An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal v...
E
CVE-2023-22630 IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI....
E
CVE-2023-22633 An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0...
S
CVE-2023-22635 A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 t...
S
CVE-2023-22636 An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through...
S
CVE-2023-22637 An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilit...
S
CVE-2023-22638 Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in Forti...
S
CVE-2023-22639 An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through...
S
CVE-2023-22640 An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through...
S
CVE-2023-22641 A URL redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2....
S
CVE-2023-22642 An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 t...
S
CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
E S
CVE-2023-22644 JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
CVE-2023-22645 kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role
CVE-2023-22647 An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage th...
CVE-2023-22648 An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD ...
CVE-2023-22649 Rancher 'Audit Log' leaks sensitive information
M
CVE-2023-22650 Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
CVE-2023-22651 Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure i...
M
CVE-2023-22652 Stack buffer overflow in "read_file" function
CVE-2023-22653 An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Mil...
E
CVE-2023-22654 Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. ...
CVE-2023-22655 Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using I...
CVE-2023-22656 Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may...
CVE-2023-22657 F5OS vulnerability
CVE-2023-22659 An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Mil...
E
CVE-2023-22660 A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 proce...
E
CVE-2023-22661 Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privilege...
S
CVE-2023-22662 Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600B...
CVE-2023-22663 Improper authentication for some Intel Unison software may allow an authenticated user to potentiall...
CVE-2023-22664 BIG-IP HTTP/2 profile vulnerability
CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.
M
CVE-2023-22666 Integer Overflow or Wraparound in Audio
CVE-2023-22667 Integer Overflow or Wraparound in Audio
CVE-2023-22668 Use After Free in Audio
S
CVE-2023-22669 Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of t...
CVE-2023-22670 A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawin...
CVE-2023-22671 Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided inpu...
E S
CVE-2023-22672 WordPress vSlider Multi Image Slider for WordPress Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22673 WordPress Website Monetization by MageNet Plugin <= 1.0.29.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22674 WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control
CVE-2023-22676 WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control
CVE-2023-22677 WordPress WP Booklet Plugin <= 2.1.8 is vulnerable to Remote Code Execution (RCE)
CVE-2023-22678 WordPress Superior FAQ Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22679 WordPress WP Better Emails Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22680 WordPress No API Amazon Affiliate Plugin <= 4.2.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22681 WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22682 WordPress Camera slideshow Plugin <= 1.4.0.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22683 WordPress Clio Grow Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22684 WordPress Subscribers – Free Web Push Notifications Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22685 WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22686 WordPress Nice PayPal Button Lite Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22687 WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure
S
CVE-2023-22688 WordPress WP Tabs Slides Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22689 WordPress Auto Affiliate Links Plugin <= 6.3 is vulnerable to Broken Access Control
S
CVE-2023-22690 WordPress Ebook Store Plugin <= 5.775 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22691 WordPress Category Specific RSS feed Subscription Plugin <= v2.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-22692 WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-22693 WordPress WP Google Tag Manager Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22694 WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22695 WordPress Custom Field Template Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-22696 WordPress Affiliate Links Lite Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22697 WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability
S
CVE-2023-22698 WordPress Theme Blvd Responsive Google Maps Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22699 WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability
S
CVE-2023-22700 WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin <= 9.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
S
CVE-2023-22701 WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability
S
CVE-2023-22702 WordPress WPMobile.App — Android and iOS Mobile Application Plugin <= 11.13 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22703 WordPress WCP Contact Form Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22704 WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22705 WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22706 WordPress PropertyHive Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22707 WordPress Greenshift – animation and page builder blocks Plugin <= 4.9.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22708 WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
S
CVE-2023-22709 WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22710 WordPress Return and Warranty Management System for WooCommerce Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22711 WordPress IMPress Listings Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22712 WordPress TemplatesNext ToolKit Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22713 WordPress Gutenberg Blocks by WordPress Download Manager Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22714 WordPress Coming Soon by Supsystic Plugin <= 1.7.10 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-22715 WordPress WP-CommentNavi Plugin <= 1.12.1 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22716 WordPress OOPSpam Anti-Spam Plugin <= 1.1.35 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22717 WordPress FormCraft Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22718 WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22719 WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection
S
CVE-2023-22720 WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
S
CVE-2023-22721 WordPress Oi Yandex.Maps for WordPress Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22722 glpi subject to Cross-site Scripting (XSS) - Reflected
CVE-2023-22724 glpi contains XSS in RSS Description Link
CVE-2023-22725 glpi vulnerable to XSS on external links
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
E S
CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp
S
CVE-2023-22728 Silverstripe Framework has missing permission check of canView in GridFieldPrintButton
S
CVE-2023-22729 Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen
S
CVE-2023-22730 Improper Input Validation of Clearance sale in cart
S
CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware
S
CVE-2023-22732 Insufficient Session Expiration in Administration in shopware
S
CVE-2023-22733 Improper Output Neutralization in Log Module in shopware
S
CVE-2023-22734 Improper Input Newsletter subscription option validation in shopware
S
CVE-2023-22735 User uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
S
CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
CVE-2023-22737 wire-server vulnerable to unauthorized removal of Bots from Conversations
S
CVE-2023-22738 Improper Preservation of Permissions in vantage6
S
CVE-2023-22739 Discourse subject to Allocation of Resources Without Limits or Throttling
CVE-2023-22740 Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts
S
CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip
E S
CVE-2023-22742 libgit2 fails to verify SSH keys by default
S
CVE-2023-22743 Git for Windows' installer is susceptible to DLL side loading attacks
S
CVE-2023-22745 Buffer Overflow in TSS2_RC_Decode in tpm2-tss
E S
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
S
CVE-2023-22747 Multiple Unauthenticated Command Injections in the PAPI Protocol
CVE-2023-22748 Multiple Unauthenticated Command Injections in the PAPI Protocol
CVE-2023-22749 Multiple Unauthenticated Command Injections in the PAPI Protocol
CVE-2023-22750 Multiple Unauthenticated Command Injections in the PAPI Protocol
CVE-2023-22751 Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
CVE-2023-22752 Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
CVE-2023-22753 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
CVE-2023-22754 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
CVE-2023-22755 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
CVE-2023-22756 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
CVE-2023-22757 Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
CVE-2023-22758 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
CVE-2023-22759 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
CVE-2023-22760 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
CVE-2023-22761 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
CVE-2023-22762 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22763 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22764 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22765 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22766 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22767 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22768 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22769 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22770 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
CVE-2023-22771 Insufficient Session Expiration in ArubaOS Command Line Interface
CVE-2023-22772 Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion
CVE-2023-22773 Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
CVE-2023-22774 Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion.
CVE-2023-22775 Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
CVE-2023-22776 Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read
CVE-2023-22777 Authenticated Information Disclosure in ArubaOS Web-based Management Interface
CVE-2023-22778 Authenticated Stored Cross-Site Scripting
CVE-2023-22779 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22780 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22781 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22782 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22783 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22784 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22785 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22786 Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol
CVE-2023-22787 Unauthenticated Denial of Service (DoS) in Aruba InstantOS or ArubaOS 10 Service Accessed via the PAPI Protocol
M
CVE-2023-22788 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
CVE-2023-22789 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
CVE-2023-22791 Aruba InstantOS and ArubaOS 10 Sensitive Information Disclosure
CVE-2023-22792 A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Sp...
S
CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comme...
E S
CVE-2023-22795 A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the...
S
CVE-2023-22796 A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially cr...
S
CVE-2023-22797 An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redire...
CVE-2023-22798 Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists rem...
E S
CVE-2023-22799 A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a car...
S
CVE-2023-22803 CVE-2023-22803
M
CVE-2023-22804 CVE-2023-22804
M
CVE-2023-22805 CVE-2023-22805
M
CVE-2023-22806 CVE-2023-22806
M
CVE-2023-22807 CVE-2023-22807
M
CVE-2023-22808 An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small po...
CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user...
E M
CVE-2023-22812 SanDisk PrivateAccess Deprecated TLS protocol versions supported
S
CVE-2023-22813 Device API endpoint missing access controls on Western Digital Mobile and Web Apps
S
CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices
S
CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices
S
CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products
S
CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products
S
CVE-2023-22818 Multiple DLL Search Order hijacking Vulnerabilities in SanDisk Security Installer for Windows
CVE-2023-22819 Uncontrolled resource consumption vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products
S
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
CVE-2023-22833 Mandatory control bypass in Lime2
CVE-2023-22834 The contour service was not checking that users had permission to create an analysis for a given dataset
CVE-2023-22835 Denial of Service in Foundry Issues
CVE-2023-22836 In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.
CVE-2023-22838 Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0...
S
CVE-2023-22839 BIG-IP DNS profile vulnerability
CVE-2023-22840 Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may a...
CVE-2023-22841 Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) fo...
S
CVE-2023-22842 BIG-IP SIP profile vulnerability
CVE-2023-22843 Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
S
CVE-2023-22844 An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of...
E
CVE-2023-22845 An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImag...
E
CVE-2023-22846 Datakit CrossCAD/Ware
S
CVE-2023-22847 Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Main...
CVE-2023-22848 Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 m...
CVE-2023-22849 Apache Sling App CMS: XSS in CMS Reference / UI Components
CVE-2023-22850 Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Inj...
E
CVE-2023-22851 Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admi...
E
CVE-2023-22852 Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.ph...
CVE-2023-22853 Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Ob...
CVE-2023-22854 The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow a...
CVE-2023-22855 Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface l...
E
CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
CVE-2023-22857 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
CVE-2023-22858 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
CVE-2023-22860 IBM Cloud Pak for Business Automation cross-site scripting
S
CVE-2023-22862 IBM Aspera information disclosure
S
CVE-2023-22863 IBM Robotic Process Automation information disclosure
S
CVE-2023-22868 IBM Aspera Faspex cross-site scripting
S
CVE-2023-22869 IBM Aspera Faspex information disclosure
CVE-2023-22870 IBM Aspera Faspex information disclosure
S
CVE-2023-22874 IBM MQ denial of service
S
CVE-2023-22875 IBM Security QRadar SIEM information disclosure
CVE-2023-22876 IBM Sterling B2B Integrator information disclosure
S
CVE-2023-22877 IBM InfoSphere Information Server CSV injection
S
CVE-2023-22878 IBM InfoSphere Information Server information disclosure
S
CVE-2023-22880 Information Disclosure in Zoom for Windows Clients
CVE-2023-22881 Denial of Service in Zoom Clients
CVE-2023-22882 Denial of Service in Zoom Clients
CVE-2023-22883 Local Privilege Escalation in Zoom for Windows Installers
CVE-2023-22884 Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
S
CVE-2023-22885 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability
CVE-2023-22887 Apache Airflow path traversal by authenticated user
S
CVE-2023-22888 Apache Airflow: Scheduler remote DoS
S
CVE-2023-22889 SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. T...
CVE-2023-22890 SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which...
CVE-2023-22891 There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that...
CVE-2023-22892 There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 t...
CVE-2023-22893 Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the A...
E
CVE-2023-22894 Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user de...
E
CVE-2023-22895 The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file ...
E S
CVE-2023-22897 An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi al...
E
CVE-2023-22898 workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when...
S
CVE-2023-22899 Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decr...
E S
CVE-2023-22900 Thinking Software Technology Co., Ltd. Efence - SQL Injection
S
CVE-2023-22901 ChangingTec MOTP - Path Traversal
CVE-2023-22902 Openfind Mail2000 - XSS
S
CVE-2023-22903 api/views/user.py in LibrePhotos before e19e539 has incorrect access control....
S
CVE-2023-22906 Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, witho...
E
CVE-2023-22909 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x ...
S
CVE-2023-22910 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x ...
E S
CVE-2023-22911 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x ...
E S
CVE-2023-22912 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x ...
E S
CVE-2023-22913 A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Z...
CVE-2023-22914 A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmw...
CVE-2023-22915 A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series fir...
CVE-2023-22916 The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series fi...
CVE-2023-22917 A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware version...
CVE-2023-22918 A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firm...
S
CVE-2023-22919 The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(...
S
CVE-2023-22920 A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(AB...
CVE-2023-22921 A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00...
S
CVE-2023-22922 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0...
S
CVE-2023-22923 A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(...
S
CVE-2023-22924 A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0...
S
CVE-2023-22931 ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise
CVE-2023-22932 Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
CVE-2023-22933 Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
E
CVE-2023-22934 SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
E
CVE-2023-22935 SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
CVE-2023-22936 Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
CVE-2023-22937 Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
M
CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
CVE-2023-22940 SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
CVE-2023-22941 Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
CVE-2023-22942 Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
CVE-2023-22943 Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
M
CVE-2023-22945 In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows...
S
CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class
CVE-2023-22947 Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) bef...
E
CVE-2023-22948 An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to...
E
CVE-2023-22949 An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credenti...
E
CVE-2023-22950 An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server,...
E
CVE-2023-22951 An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication toke...
E
CVE-2023-22952 In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the Emai...
KEV E
CVE-2023-22953 In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control ...
CVE-2023-22955 An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmwar...
E
CVE-2023-22956 An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-...
E
CVE-2023-22957 An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to t...
E
CVE-2023-22958 The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via...
E
CVE-2023-22959 WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspas...
E
CVE-2023-22960 Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency....
CVE-2023-22963 The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digi...
CVE-2023-22964 Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authenti...
CVE-2023-22970 Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file....
CVE-2023-22971 Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1....
E
CVE-2023-22972 A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_function...
S
CVE-2023-22973 A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows ...
E S
CVE-2023-22974 A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitra...
E S
CVE-2023-22975 A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrar...
E
CVE-2023-22984 A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability i...
E
CVE-2023-22985 Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (X...
CVE-2023-22995 In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/d...
S
CVE-2023-22996 In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_b...
S
CVE-2023-22997 In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page ...
S
CVE-2023-22998 In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_...
S
CVE-2023-22999 In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_u...
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.