Hírolvasó

NVD: all CVE · 2023. február 3.

CVE-2023-23932

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1.
NVD: all CVE · 2023. február 3.

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21.
NVD: all CVE · 2023. február 3.

CVE-2023-24029

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
NVD: all CVE · 2023. február 3.

CVE-2023-25125

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2023. Notes: none.
NVD: all CVE · 2023. február 3.

CVE-2022-45492

Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
NVD: all CVE · 2023. február 3.

CVE-2022-45493

Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
NVD: all CVE · 2023. február 3.

CVE-2022-45496

Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
NVD: all CVE · 2023. február 3.

CVE-2022-45588

XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09.
NVD: all CVE · 2023. február 3.

CVE-2022-47070

NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information.
NVD: all CVE · 2023. február 3.

CVE-2022-47762

In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability.
NVD: all CVE · 2023. február 3.

CVE-2022-48165

An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
NVD: all CVE · 2023. február 3.

CVE-2023-0663

A vulnerability was found in Calendar Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175.
NVD: all CVE · 2023. február 3.

CVE-2022-45491

Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.