Browse all CVEs by publication year. Use filters to refine.

2023-01-04
High

CVE-2023-0046

Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch.

Medium

CVE-2022-44446

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44445

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44444

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44443

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44442

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44441

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44440

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44439

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44438

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44437

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44436

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44435

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44434

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44430

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44428

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44425

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

Medium

CVE-2022-44424

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44423

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-44422

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-39118

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Medium

CVE-2022-39116

In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

Medium

CVE-2022-39104

In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.

Medium

CVE-2022-39088

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39087

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39086

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39085

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39084

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39083

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39082

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-39081

In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.

Medium

CVE-2022-38684

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38683

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38682

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2022-38678

In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

Medium

CVE-2020-36639

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component…

Low

CVE-2019-25094

A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipul…

Low

CVE-2016-15008

A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighligh…

Low

CVE-2014-125039

A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads…

Medium

CVE-2010-10003

A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of…

High

CVE-2022-46081

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the Li…

Medium

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could all…

2023-01-03
Medium

CVE-2022-42710

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).

High

CVE-2022-38723

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

Medium

CVE-2022-2967

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user crede…

High

CVE-2022-44036

In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is…

Critical

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.

High

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when o…

Critical

CVE-2022-32665

In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is n…

High

CVE-2022-32664

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is…

Medium

CVE-2022-32659

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…

Medium

CVE-2022-32658

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…

Medium

CVE-2022-32657

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is…

Medium

CVE-2022-32653

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…

Medium

CVE-2022-32652

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…

Medium

CVE-2022-32651

In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…

Medium

CVE-2022-32650

In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…

Medium

CVE-2022-32649

In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploita…

Medium

CVE-2022-32648

In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo…

Medium

CVE-2022-32647

In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee…

Medium

CVE-2022-32646

In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed…

Medium

CVE-2022-32645

In vow, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for…

Medium

CVE-2022-32644

In vow, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi…

Medium

CVE-2022-32641

In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not n…

Medium

CVE-2022-32640

In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not…

Medium

CVE-2022-32639

In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne…

Medium

CVE-2022-32638

In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e…

Medium

CVE-2022-32637

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n…

Medium

CVE-2022-32636

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ne…

High

CVE-2022-32635

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

Medium

CVE-2022-32623

In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need…

Medium

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.…

High

CVE-2022-45867

MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution.

Medium

CVE-2023-22456

ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerabil…

High

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from use…

Critical

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. Th…

Medium

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWe…

Medium

CVE-2022-41336

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allo…

High

CVE-2022-39947

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version v…

High

CVE-2022-35845

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through…

Medium

CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An att…

High

CVE-2022-38766

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.

Medium

CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient inp…

Medium

CVE-2022-4871

A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.ph…

Low

CVE-2012-10003

A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to…

Medium

CVE-2013-10007

A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to informati…

Low

CVE-2015-10012

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the…

Low

CVE-2012-10002

A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument…

High

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafte…

Critical

CVE-2022-47618

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in administrator page, to manipulate system or dis…

High

CVE-2022-47317

Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafted projec…

High

CVE-2022-46360

Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user ope…

Medium

CVE-2022-46309

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.

High

CVE-2022-46306

ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious w…

Medium

CVE-2022-46305

ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

High

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the compone…

High

CVE-2022-43448

Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user op…

High

CVE-2022-43438

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access res…

High

CVE-2022-43437

The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delet…

High

CVE-2022-43436

The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to mani…

High

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user open a specially crafted project…

High

CVE-2022-40740

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to exec…

Critical

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary syste…

Critical

CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify a…

High

CVE-2022-39040

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Critical

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request…

Medium

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url witho…

High

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

2023-01-02
Medium

CVE-2022-4025

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity:…

Medium

CVE-2022-3863

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

High

CVE-2022-3842

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.…

High

CVE-2022-2743

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an o…

High

CVE-2022-2742

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit…

Medium

CVE-2022-0801

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

Medium

CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrom…
