CVE-2022-40034
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the ‘notifyInfo’ parameter.
Source: CVE-2022-40034
[월:] 2023년 01월
CVE-2022-46639
CVE-2022-46639
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal.
Source: CVE-2022-46639
CVE-2023-22630
CVE-2023-22630
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.
Source: CVE-2023-22630
CVE-2022-23005
CVE-2022-23005
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.
Source: CVE-2022-23005
CVE-2018-20104
CVE-2018-20104
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Source: CVE-2018-20104
CVE-2023-23560
CVE-2023-23560
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
Source: CVE-2023-23560
CVE-2023-22960
CVE-2023-22960
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
Source: CVE-2023-22960
CVE-2023-23824
CVE-2023-23824
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions.
Source: CVE-2023-23824
CVE-2023-23687
CVE-2023-23687
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.
Source: CVE-2023-23687
CVE-2023-22721
CVE-2023-22721
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.
Source: CVE-2023-22721