NVD - Home

source link: https://nvd.nist.gov/

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2023-25804 - Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using...

    Published: March 15, 2023; 2:15:10 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-22591 - IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710.


    Published: March 15, 2023; 5:15:08 PM -0400

    V3.1: 3.2 LOW

  • CVE-2023-24229 - DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component.


    Published: March 15, 2023; 2:15:10 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-39216 - Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in version...

    Published: March 14, 2023; 12:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-25680 - IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2020-4927 - A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.


    Published: March 15, 2023; 3:15:24 PM -0400

    V3.1: 8.2 HIGH

  • CVE-2023-26284 - IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.


    Published: March 15, 2023; 2:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-46774 - IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.


    Published: March 15, 2023; 3:15:24 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-22876 - IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.


    Published: March 15, 2023; 3:15:24 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2020-27507 - The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-46773 - IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-24468 - Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2


    Published: March 15, 2023; 7:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-25282 - A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.


    Published: March 15, 2023; 3:15:24 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-27501 - SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory t...

    Published: March 14, 2023; 2:15:12 AM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2022-39214 - Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2...

    Published: March 14, 2023; 12:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-26912 - Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2023-25345 - Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-25344 - An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.


    Published: March 15, 2023; 4:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-1415 - A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated re...

    Published: March 15, 2023; 12:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-43874 - IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct...

    Published: March 15, 2023; 2:15:10 PM -0400

    V3.1: 6.1 MEDIUM
