Vulnerabilities (CVE)

Total 18422 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3643 1 Sox Project 1 Sox 2023-02-05 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.
CVE-2023-24022 1 Baicells 5 Nova227, Nova233, Nova243 and 2 more 2023-02-04 N/A 9.8 CRITICAL
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)
CVE-2023-24427 1 Jenkins 1 Bitbucket Oauth 2023-02-04 N/A 9.8 CRITICAL
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
CVE-2023-24429 1 Jenkins 1 Semantic Versioning 2023-02-04 N/A 9.8 CRITICAL
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
CVE-2023-24430 1 Jenkins 1 Semantic Versioning 2023-02-04 N/A 9.8 CRITICAL
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-48008 1 Limesurvey 1 Limesurvey 2023-02-04 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-0562 1 Bank Locker Management System Project 1 Bank Locker Management System 2023-02-04 N/A 9.8 CRITICAL
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.
CVE-2022-44298 1 Sscms 1 Siteserver Cms 2023-02-04 N/A 9.8 CRITICAL
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.
CVE-2022-48011 1 Opencats 1 Opencats 2023-02-04 N/A 9.8 CRITICAL
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.
CVE-2018-3902 1 Samsung 2 Sth-eth-250, Sth-eth-250 Firmware 2023-02-04 9.0 HIGH 9.9 CRITICAL
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2018-3917 1 Samsung 2 Sth-eth-250, Sth-eth-250 Firmware 2023-02-04 9.0 HIGH 9.9 CRITICAL
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
CVE-2022-22978 3 Netapp, Oracle, Vmware 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security 2023-02-04 7.5 HIGH 9.8 CRITICAL
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass
CVE-2022-39135 1 Apache 1 Calcite 2023-02-04 N/A 9.8 CRITICAL
In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.
CVE-2022-28711 1 Ardupilot 1 Apweb 2023-02-04 7.5 HIGH 9.8 CRITICAL
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
CVE-2022-41853 2 Debian, Hsqldb 2 Debian Linux, Hypersql Database 2023-02-03 N/A 9.8 CRITICAL
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
CVE-2022-42920 2 Apache, Fedoraproject 2 Commons Bcel, Fedora 2023-02-03 N/A 9.8 CRITICAL
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
CVE-2022-0730 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2023-02-03 6.8 MEDIUM 9.8 CRITICAL
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2022-38337 1 Mobatek 1 Mobaxterm 2023-02-03 N/A 9.1 CRITICAL
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
CVE-2019-16092 2 Canonical, Symonics 2 Ubuntu Linux, Libmysofa 2023-02-03 7.5 HIGH 9.8 CRITICAL
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
CVE-2019-16093 2 Canonical, Symonics 2 Ubuntu Linux, Libmysofa 2023-02-03 7.5 HIGH 9.8 CRITICAL
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.