Weekly Vulnerabilities Reports > February 27 to March 5, 2023

Overview

491 new vulnerabilities were reported during this period, including 72 critical vulnerabilities and 165 high severity vulnerabilities. This weekly summary reports vulnerabilities in 627 products from 201 vendors including Apple, Arubanetworks, Heimgardtechnologies, Google, and Linux. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Command Injection", and "Cross-Site Request Forgery (CSRF)".

  • 378 reported vulnerabilities are remotely exploitable.
  • 171 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 263 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 55 reported vulnerabilities.
  • Arubanetworks has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

[Summary counters: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


72 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-02 CVE-2023-26055 Xwiki Unspecified vulnerability in Xwiki Commons

XWiki Commons are technical libraries common to several other top level XWiki projects.

9.9
2023-03-05 CVE-2021-4329 Json Logic JS Project Command Injection vulnerability in Json-Logic-Js Project Json-Logic-Js 2.0.0

A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0.

9.8
2023-03-05 CVE-2008-10003 Flashgames Project SQL Injection vulnerability in Flashgames Project Flashgames 1.1.0

A vulnerability was found in iGamingModules flashgames 1.1.0.

9.8
2023-03-04 CVE-2014-125091 Codepeople SQL Injection vulnerability in Codepeople Polls CP 1.0.1

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical.

9.8
2023-03-03 CVE-2023-26779 YF Exam Project Deserialization of Untrusted Data vulnerability in Yf-Exam Project Yf-Exam 1.8.0

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

9.8
2023-03-03 CVE-2022-46973 Anji Plus Server-Side Request Forgery (SSRF) vulnerability in Anji-Plus Report 0.9.8.6

Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.

9.8
2023-03-03 CVE-2023-27574 Shadowsocks Unspecified vulnerability in Shadowsocks Shadowsocksx-Ng 1.10.0

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.

9.8
2023-03-03 CVE-2023-24641 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.

9.8
2023-03-03 CVE-2023-24642 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.

9.8
2023-03-03 CVE-2023-24643 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.

9.8
2023-03-03 CVE-2023-20078 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

9.8
2023-03-03 CVE-2022-45551 ZBT Missing Authentication for Critical Function vulnerability in ZBT We1626 Firmware 21.06.18

An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.

9.8
2023-03-03 CVE-2022-45553 ZBT Unspecified vulnerability in ZBT We1626 Firmware 21.06.18

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.

9.8
2023-03-02 CVE-2022-46501 Accruent SQL Injection vulnerability in Accruent Maintenance Connection 2021/2022.2

Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.

9.8
2023-03-02 CVE-2021-4328 Lionfish CMS Project SQL Injection vulnerability in Lionfish CMS Project Lionfish CMS

A vulnerability has been found in ???CMS and classified as critical.

9.8
2023-03-02 CVE-2023-26477 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

9.8
2023-03-02 CVE-2023-26780 YF Exam Project SQL Injection vulnerability in Yf-Exam Project Yf-Exam 1.8.0

CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.

9.8
2023-03-02 CVE-2021-3854 Glox SQL Injection vulnerability in Glox Useroam Hotspot

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.

9.8
2023-03-02 CVE-2023-1151 Electronic Medical Records System Project SQL Injection vulnerability in Electronic Medical Records System Project Electronic Medical Records System 1.0

A vulnerability was found in SourceCodester Electronic Medical Records System 1.0.

9.8
2023-03-02 CVE-2023-26053 Gradle Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development.

9.8
2023-03-01 CVE-2023-1097 Baicells Command Injection vulnerability in Baicells Eg7035-M11 Firmware Bceodu1.0.8

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections.

9.8
2023-03-01 CVE-2023-1130 Computer Parts Sales AND Inventory System Project SQL Injection vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0.

9.8
2023-03-01 CVE-2023-23315 Stripe SQL Injection vulnerability in Stripe Payment PRO

The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5.

9.8
2023-03-01 CVE-2023-1064 Uzaybaskul SQL Injection vulnerability in Uzaybaskul Weighbridge Automation Software

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Automation Software: before 1.1.

9.8
2023-03-01 CVE-2023-1114 Eskom Missing Authorization vulnerability in Eskom E-Belediye 1.0.0.95

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.

9.8
2023-03-01 CVE-2021-4327 Serenityos Integer Overflow or Wraparound vulnerability in Serenityos 20191230

A vulnerability was found in SerenityOS.

9.8
2023-03-01 CVE-2023-1112 Codedropz Path Traversal vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 5.0.6.1

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress.

9.8
2023-03-01 CVE-2022-37936 HPE Deserialization of Untrusted Data vulnerability in HPE Serviceguard for Linux

Unauthenticated Java deserialization vulnerability in Serviceguard Manager

9.8
2023-03-01 CVE-2022-37937 HPE Out-of-bounds Write vulnerability in HPE Serviceguard for Linux

Pre-auth memory corruption in HPE Serviceguard

9.8
2023-03-01 CVE-2022-37938 HPE Server-Side Request Forgery (SSRF) vulnerability in HPE Serviceguard for Linux

Unauthenticated server side request forgery in HPE Serviceguard Manager

9.8
2023-03-01 CVE-2023-20032 Cisco, Clamav, Stormshield Out-of-bounds Write vulnerability in multiple products

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write.

9.8
2023-03-01 CVE-2023-22747 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22748 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22749 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22750 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22751 Arubanetworks Out-of-bounds Write vulnerability in Arubanetworks Arubaos and Sd-Wan

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22752 Arubanetworks Out-of-bounds Write vulnerability in Arubanetworks Arubaos and Sd-Wan

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211).

9.8
2023-03-01 CVE-2023-22753 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol.

9.8
2023-03-01 CVE-2023-22754 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol.

9.8
2023-03-01 CVE-2023-22755 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol.

9.8
2023-03-01 CVE-2023-22756 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol.

9.8
2023-03-01 CVE-2023-22757 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol.

9.8
2023-02-28 CVE-2023-1099 Online Student Management System Project SQL Injection vulnerability in Online Student Management System Project Online Student Management System 1.0

A vulnerability was found in SourceCodester Online Student Management System 1.0.

9.8
2023-02-28 CVE-2023-1100 Online Catering Reservation System Project SQL Injection vulnerability in Online Catering Reservation System Project Online Catering Reservation System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0.

9.8
2023-02-28 CVE-2023-27372 Spip, Debian

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.

9.8
2023-02-28 CVE-2023-0339 Forgerock Path Traversal vulnerability in Forgerock web Policy Agents 5.10/5.10.1

Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1

9.8
2023-02-28 CVE-2023-0511 Forgerock Path Traversal vulnerability in Forgerock Java Policy Agents 5.10.1

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1

9.8
2023-02-28 CVE-2023-20946 Google Unspecified vulnerability in Google Android

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy.

9.8
2023-02-28 CVE-2015-10086 Server PHP Project SQL Injection vulnerability in Server-PHP Project Server-PHP

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php.

9.8
2023-02-27 CVE-2023-24258 Spip SQL Injection vulnerability in Spip

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter.

9.8
2023-02-27 CVE-2022-26760 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved state management.

9.8
2023-02-27 CVE-2022-46723 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

9.8
2023-02-27 CVE-2023-23513 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.8
2023-02-27 CVE-2023-24253 Domoticalabs SQL Injection vulnerability in Domoticalabs Ikon Server

Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.

9.8
2023-02-27 CVE-2022-48255 Huawei Command Injection vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325.

9.8
2023-02-27 CVE-2022-48259 Huawei Command Injection vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325.

9.8
2023-02-27 CVE-2022-48283 Huawei Improper Privilege Management vulnerability in Huawei Hilink AI Life 12.0.2.305

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability.

9.8
2023-02-27 CVE-2022-48284 Huawei Improper Privilege Management vulnerability in Huawei Hilink AI Life 12.0.2.305

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability.

9.8
2023-02-27 CVE-2023-23155 Phpgurukul SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.

9.8
2023-02-27 CVE-2023-23156 Phpgurukul SQL Injection vulnerability in PHPgurukul ART Gallery Management System 1.0

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page.

9.8
2023-02-27 CVE-2023-25231 Tenda Out-of-bounds Write vulnerability in Tenda W30E Firmware V1.0.1.25(633)

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

9.8
2023-02-27 CVE-2023-25233 Tenda Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307)

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

9.8
2023-02-27 CVE-2023-25234 Tenda Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307)

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

9.8
2023-02-27 CVE-2022-45138 Wago Missing Authentication for Critical Function vulnerability in Wago products

The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API.

9.8
2023-02-27 CVE-2022-45140 Wago Missing Authentication for Critical Function vulnerability in Wago products

The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

9.8
2023-02-27 CVE-2023-23080 Tenda Command Injection vulnerability in Tenda products

Certain Tenda products are vulnerable to command injection.

9.8
2023-02-27 CVE-2023-24206 Davinci Project SQL Injection vulnerability in Davinci Project Davinci 0.3.0

Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.

9.8
2023-02-27 CVE-2023-1053 Music Gallery Site Project SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical.

9.8
2023-02-27 CVE-2023-1054 Music Gallery Site Project SQL Injection vulnerability in Music Gallery Site Project Music Gallery Site 1.0

A vulnerability was found in SourceCodester Music Gallery Site 1.0.

9.8
2023-03-03 CVE-2023-0957 Gitpod Origin Validation Error vulnerability in Gitpod

An issue was discovered in Gitpod versions prior to release-2022.11.2.16.

9.6
2023-03-03 CVE-2023-27290 IBM Missing Authentication for Critical Function vulnerability in IBM Observability With Instana

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication.

9.1
2023-02-27 CVE-2022-34909 Aremis SQL Injection vulnerability in Aremis 4 Nomads

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android.

9.1

165 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-04 CVE-2023-23929 Vantage6 Insufficient Session Expiration vulnerability in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange.

8.8
2023-03-04 CVE-2023-26490 Mailcow OS Command Injection vulnerability in Mailcow Mailcow: Dockerized

mailcow is a dockerized email package, with multiple containers linked in one bridged network.

8.8
2023-03-03 CVE-2023-1162 Draytek Command Injection vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5.

8.8
2023-03-02 CVE-2023-1101 Sonicwall Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

8.8
2023-03-02 CVE-2023-22381 Github Code Injection vulnerability in Github Enterprise Server

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner.

8.8
2023-03-02 CVE-2023-26471 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-03-02 CVE-2023-26472 Xwiki Improper Encoding or Escaping of Output vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-03-02 CVE-2023-26474 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-03-02 CVE-2023-26475 Xwiki Improper Privilege Management vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-03-02 CVE-2023-25361 Webkitgtk Use After Free vulnerability in Webkitgtk

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

8.8
2023-03-02 CVE-2023-25362 Webkitgtk Use After Free vulnerability in Webkitgtk

A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

8.8
2023-03-02 CVE-2023-25363 Webkitgtk Use After Free vulnerability in Webkitgtk

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

8.8
2023-03-02 CVE-2023-25358 Webkitgtk, Fedoraproject Use After Free vulnerability in multiple products

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

8.8
2023-03-02 CVE-2023-25360 Webkitgtk Use After Free vulnerability in Webkitgtk

A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

8.8
2023-03-02 CVE-2023-0228 ABB Improper Authentication vulnerability in ABB Symphony Plus S+ Operations 2.1/2.2/3.3

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.

8.8
2023-03-01 CVE-2022-3294 Kubernetes Unspecified vulnerability in Kubernetes

Users may have access to secure endpoints in the control plane network.

8.8
2023-03-01 CVE-2022-45608 Thingsboard Unspecified vulnerability in Thingsboard 3.4.1

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application.

8.8
2023-03-01 CVE-2023-25222 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

8.8
2023-03-01 CVE-2022-45068 Mercadopago Cross-Site Request Forgery (CSRF) vulnerability in Mercadopago Mercado Pago Payments for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1.

8.8
2023-03-01 CVE-2021-3855 Liman Command Injection vulnerability in Liman Port MYS 1.7.0

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.

8.8
2023-03-01 CVE-2023-0951 Devolutions Unspecified vulnerability in Devolutions Server

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions.

8.8
2023-03-01 CVE-2023-0953 Devolutions SQL Injection vulnerability in Devolutions Server

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.

8.8
2023-02-28 CVE-2023-25266 Docmosis Unspecified vulnerability in Docmosis Tornado

An issue was discovered in Docmosis Tornado prior to version 2.9.5.

8.8
2023-02-28 CVE-2022-43459 Captainform Cross-Site Request Forgery (CSRF) vulnerability in Captainform

Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions.

8.8
2023-02-28 CVE-2023-24419 Strategy11 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Formidable Form Builder

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.

8.8
2023-02-27 CVE-2022-42826 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2023-02-27 CVE-2023-23496 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

8.8
2023-02-27 CVE-2023-23517 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

8.8
2023-02-27 CVE-2023-23518 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

8.8
2023-02-27 CVE-2023-23529 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved checks.

8.8
2023-02-27 CVE-2023-0381 TRI Unspecified vulnerability in TRI Gigpress

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.

8.8
2023-02-27 CVE-2023-24364 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.

8.8
2023-02-27 CVE-2023-24652 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function.

8.8
2023-02-27 CVE-2023-24653 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.

8.8
2023-02-27 CVE-2023-24654 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.

8.8
2023-02-27 CVE-2023-24656 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.

8.8
2023-02-27 CVE-2023-26759 Smeup OS Command Injection vulnerability in Smeup ERP Tokyov6R1M220406

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.

8.8
2023-02-27 CVE-2023-26762 Smeup Unrestricted Upload of File with Dangerous Type vulnerability in Smeup ERP Tokyov6R1M220406

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.

8.8
2023-02-27 CVE-2023-1056 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability was found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1057 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability was found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1058 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1059 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1061 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1062 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0.

8.8
2023-02-27 CVE-2023-1063 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical.

8.8
2023-02-27 CVE-2023-23530 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

8.6
2023-02-27 CVE-2023-23531 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

8.6
2023-03-05 CVE-2015-10088 Ayttm Project Use of Externally-Controlled Format String vulnerability in Ayttm Project Ayttm

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89.

8.1
2023-03-02 CVE-2023-26478 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.1
2023-03-01 CVE-2023-1105 Flatpress External Control of File Name or Path vulnerability in Flatpress

External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.

8.1
2023-03-01 CVE-2023-0847 Dash7 Alliance Out-of-bounds Write vulnerability in Dash7-Alliance Dash7 Alliance Protocol

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0.

8.1
2023-02-28 CVE-2022-4895 Hitachi Improper Certificate Validation vulnerability in Hitachi products

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

8.1
2023-03-05 CVE-2023-27635 Debian Injection vulnerability in Debian Debmany 0.88.1

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file.

7.8
2023-03-03 CVE-2023-27566 Live2D Out-of-bounds Write vulnerability in Live2D Cubism Editor 4.2.03

Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.

7.8
2023-03-03 CVE-2023-26604 Systemd Project Unspecified vulnerability in Systemd Project Systemd

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed.

7.8
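The systemd entry above is a local privilege escalation through a pager: `systemctl status` pipes its output through a pager, and from `less` the `!` command runs a shell with the pager's (root) privileges, so a sudoers rule that grants `systemctl status` to a non-root user hands out a root shell on systemd before 247. The following audit script is an added example written for this report, not code from the systemd or sudo projects; the sudoers fragment is constructed, the parser covers only plain user-specification lines (no aliases, `\` continuations or `:` chained specs), and it treats the `NOEXEC` tag as a mitigation because sudoers(5) documents it for blocking shell escapes from editors and pagers.

```python
import os
import re

# Constructed sudoers fragment for the demonstration; it is not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
# ops may inspect and restart the web tier
ops         ALL=(root) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/systemctl restart nginx
helpdesk    ALL=(root) /usr/bin/systemctl
monitor     ALL=(root) NOEXEC: /usr/bin/systemctl status *
%wheel      ALL=(ALL) ALL
"""

SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
USER_SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")
OPPOSITE = {"EXEC": "NOEXEC", "NOEXEC": "EXEC", "PASSWD": "NOPASSWD",
            "NOPASSWD": "PASSWD", "SETENV": "NOSETENV", "NOSETENV": "SETENV"}


def parse_commands(cmds_field):
    """Split a sudoers command list into (command, tags). As in sudoers(5), a tag
    applies to the command it precedes and to every later command in the list
    until the opposite tag overrides it."""
    commands = []
    tags = set()
    for raw in cmds_field.split(","):
        item = raw.strip()
        while (m := TAG.match(item)):
            tag = m.group(1)
            tags.discard(OPPOSITE.get(tag))
            tags.add(tag)
            item = item[m.end():].strip()
        commands.append((item, frozenset(tags)))
    return commands


def pager_escape_risk(cmd):
    """True if the rule lets the user run `systemctl status`: explicitly, through a
    wildcard, or because systemctl is listed with no arguments (which in sudoers
    means any arguments are allowed)."""
    argv = cmd.split()
    if not argv or argv[0] == "ALL":   # ALL is full root by design, not a pager escape
        return False
    if os.path.basename(argv[0]) != "systemctl":
        return False
    return len(argv) == 1 or argv[1] in ("status", "*")


def audit(sudoers_text, systemd_version):
    """Return (user, command) pairs that expose the escape. The version threshold
    follows the advisory (systemd before 247); NOEXEC is taken as mitigating."""
    findings = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        for cmd, tags in parse_commands(m.group("cmds")):
            if pager_escape_risk(cmd) and "NOEXEC" not in tags and systemd_version < 247:
                findings.append((m.group("user"), cmd))
    return findings


if __name__ == "__main__":
    for user, cmd in audit(SAMPLE_SUDOERS, systemd_version=245):
        print(f"{user}: {cmd}")
```

On the constructed fragment the `ops` and `helpdesk` rules are reported and `monitor` is not, because its rule carries `NOEXEC`. The real fix is upgrading to systemd 247 or later; until then, drop such rules or add `NOEXEC`, and remember that `visudo -c` validates syntax only and says nothing about shell escapes.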
2023-03-03 CVE-2022-45988 Starsoftcomm Improper Privilege Management vulnerability in Starsoftcomm Coocare

starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.

7.8
2023-03-03 CVE-2022-47664 Struktur Classic Buffer Overflow vulnerability in Struktur Libde265 1.0.9

Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse

7.8
2023-03-03 CVE-2022-47665 Struktur Out-of-bounds Write vulnerability in Struktur Libde265 1.0.9

Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)

7.8
2023-03-03 CVE-2023-1164 Kylinos Incorrect Authorization vulnerability in Kylinos Kylin OS

A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical.

7.8
2023-03-02 CVE-2023-1118 Linux Use After Free vulnerability in Linux Kernel

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device.

7.8
2023-03-01 CVE-2023-1127 VIM
Fedoraproject
Divide By Zero vulnerability in multiple products

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

7.8
2023-03-01 CVE-2023-23000 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value.

7.8
2023-03-01 CVE-2023-25221 Struktur
Debian
Out-of-bounds Write vulnerability in multiple products

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.

7.8
2023-03-01 CVE-2021-4326 Linuxfoundation Unspecified vulnerability in Linuxfoundation Zowe 1.16.0/2.0.0

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables.

7.8
2023-03-01 CVE-2022-27677 AMD Improper Privilege Management vulnerability in AMD Ryzen Master 2.2.0.1543

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.

7.8
2023-02-28 CVE-2023-1017 Trustedcomputinggroup Out-of-bounds Write vulnerability in Trustedcomputinggroup Trusted Platform Module 2.0

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine.

7.8
2023-02-28 CVE-2023-20933 Google Use After Free vulnerability in Google Android

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free.

7.8
2023-02-28 CVE-2023-20934 Google Unspecified vulnerability in Google Android 12.0/12.1/13.0

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass.

7.8
2023-02-28 CVE-2023-20937 Google Use After Free vulnerability in Google Android

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free.

7.8
2023-02-28 CVE-2023-20938 Google Use After Free vulnerability in Google Android

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation.

7.8
2023-02-28 CVE-2023-20939 Google Improper Locking vulnerability in Google Android 12.0/12.1/13.0

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking.

7.8
2023-02-28 CVE-2023-20940 Google Improper Verification of Cryptographic Signature vulnerability in Google Android 13.0

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto.

7.8
2023-02-28 CVE-2023-20943 Google Path Traversal vulnerability in Google Android

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error.

7.8
2023-02-28 CVE-2023-20944 Google Deserialization of Untrusted Data vulnerability in Google Android

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization.

7.8
2023-02-28 CVE-2023-20945 Google Out-of-bounds Write vulnerability in Google Android 10.0

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check.

7.8
2023-02-28 CVE-2023-0461 Linux Use After Free vulnerability in Linux Kernel

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation.

7.8
2023-02-28 CVE-2023-22995 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

7.8
2023-02-27 CVE-2022-32900 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

7.8
2023-02-27 CVE-2022-32949 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

7.8
2023-02-27 CVE-2022-42797 Apple Injection vulnerability in Apple Xcode

An injection issue was addressed with improved input validation.

7.8
2023-02-27 CVE-2022-42833 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved input validation.

7.8
2023-02-27 CVE-2022-46712 Apple Use After Free vulnerability in Apple Macos

A use after free issue was addressed with improved memory management.

7.8
2023-02-27 CVE-2023-23497 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

7.8
2023-02-27 CVE-2023-23504 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2023-02-27 CVE-2023-23507 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved bounds checks.

7.8
2023-02-27 CVE-2023-23514 Apple Use After Free vulnerability in Apple Ipados, Iphone OS and Macos

A use after free issue was addressed with improved memory management.

7.8
2023-02-27 CVE-2022-45697 Razer Link Following vulnerability in Razer Central

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.

7.8
2023-03-03 CVE-2023-25402 YF Exam Project Unrestricted Upload of File with Dangerous Type vulnerability in Yf-Exam Project Yf-Exam 1.8.0

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload.

7.5
2023-03-03 CVE-2023-25403 YF Exam Project Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass.

7.5
2023-03-03 CVE-2023-26492 Monospace Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus

Directus is a real-time API and App dashboard for managing SQL database content.

7.5
2023-03-03 CVE-2023-27567 Openbsd Unspecified vulnerability in Openbsd 7.2

In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.

7.5
2023-03-03 CVE-2023-20079 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

7.5
2023-03-03 CVE-2023-20088 Cisco Unspecified vulnerability in Cisco Finesse

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer.

7.5
2023-03-03 CVE-2022-45552 ZBT Unspecified vulnerability in ZBT We1626 Firmware 21.06.18

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.

7.5
2023-03-03 CVE-2023-27560 Phpseclib Infinite Loop vulnerability in PHPseclib

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.

7.5
2023-03-03 CVE-2023-0457 Mitsubishielectric Insufficiently Protected Credentials vulnerability in Mitsubishielectric products

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.

7.5
2023-03-02 CVE-2023-0656 Sonicwall Out-of-bounds Write vulnerability in Sonicwall Sonicos

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

7.5
2023-03-02 CVE-2023-26470 Xwiki Out-of-bounds Write vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

7.5
2023-03-02 CVE-2023-26476 Xwiki Improper Restriction of Excessive Authentication Attempts vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

7.5
2023-03-02 CVE-2022-38734 Netapp Unspecified vulnerability in Netapp Storagegrid

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability.

7.5
2023-03-02 CVE-2023-0053 Sauter Controls Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls products

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management.

7.5
2023-03-01 CVE-2020-5001 IBM Path Traversal vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system.

7.5
2023-03-01 CVE-2020-5026 IBM Information Exposure Through an Error Message vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

7.5
2023-03-01 CVE-2023-20014 Cisco Resource Exhaustion vulnerability in Cisco Nexus Dashboard

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests.

7.5
2023-03-01 CVE-2023-26281 IBM Improper Input Validation vulnerability in IBM Http Server 8.5.0.0

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL.

7.5
2023-02-28 CVE-2022-47075 Smartofficepayroll Unspecified vulnerability in Smartofficepayroll Smartoffice

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

7.5
2023-02-28 CVE-2022-47076 Smartofficepayroll Unspecified vulnerability in Smartofficepayroll Smartoffice

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.

7.5
2023-02-28 CVE-2022-41722 Golang Path Traversal vulnerability in Golang GO

A path traversal vulnerability exists in filepath.Clean on Windows.

7.5
2023-02-28 CVE-2022-41723 Golang Unspecified vulnerability in Golang GO

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

7.5
2023-02-28 CVE-2022-41724 Golang Resource Exhaustion vulnerability in Golang GO

Large handshake records may cause panics in crypto/tls.

7.5
2023-02-28 CVE-2022-41725 Golang Allocation of Resources Without Limits or Throttling vulnerability in Golang GO

A denial of service is possible from excessive resource consumption in net/http and mime/multipart.

7.5
2023-02-28 CVE-2023-20948 Google Out-of-bounds Read vulnerability in Google Android 12.0/12.1/13.0

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow.

7.5
2023-02-28 CVE-2023-23689 Dell Resource Exhaustion vulnerability in Dell products

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability.

7.5
2023-02-28 CVE-2023-25264 Docmosis Improper Authentication vulnerability in Docmosis Tornado

An issue was discovered in Docmosis Tornado prior to version 2.9.5.

7.5
2023-02-28 CVE-2023-25265 Docmosis Path Traversal vulnerability in Docmosis Tornado

Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system.

7.5
2023-02-28 CVE-2023-26255 Stagil Path Traversal vulnerability in Stagil Navigation

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira.

7.5
2023-02-28 CVE-2023-26256 Stagil Path Traversal vulnerability in Stagil Navigation

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira.

7.5
2023-02-28 CVE-2023-26105 Utilities Project Unspecified vulnerability in Utilities Project Utilities

All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function.

7.5
2023-02-27 CVE-2022-32830 Apple Out-of-bounds Read vulnerability in Apple Iphone OS

An out-of-bounds read issue was addressed with improved bounds checking.

7.5
2023-02-27 CVE-2022-32836 Apple Unspecified vulnerability in Apple Music 3.9.10

This issue was addressed with improved state management.

7.5
2023-02-27 CVE-2022-32846 Apple Unspecified vulnerability in Apple Music 3.9.10

A logic issue was addressed with improved state management.

7.5
2023-02-27 CVE-2023-23519 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

7.5
2023-02-27 CVE-2023-23524 Apple Resource Exhaustion vulnerability in Apple products

A denial-of-service issue was addressed with improved input validation.

7.5
2023-02-27 CVE-2022-48230 Huawei Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325.

7.5
2023-02-27 CVE-2022-48260 Huawei Classic Buffer Overflow vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325.

7.5
2023-02-27 CVE-2022-48261 Huawei Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325.

7.5
2023-02-27 CVE-2022-4550 User Activity Project Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity

The User Activity WordPress plugin through 1.0.1 checks headers such as X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.

7.5
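The User Activity entry above is the general X-Forwarded-For mistake: the header is set by whoever sends the request, so reading its first entry lets any client choose the IP that gets logged or matched against an allow-list. The code below is an added example for this report, not code from the plugin; the trusted-proxy range 203.0.113.0/24 and the request addresses are constructed for the demonstration. It shows the vulnerable lookup beside one that only honours hops appended by a known reverse proxy.

```python
import ipaddress

# Constructed configuration: the only hosts allowed to set X-Forwarded-For on our
# behalf are the reverse proxies in 203.0.113.0/24.
TRUSTED_PROXIES = (ipaddress.ip_network("203.0.113.0/24"),)


def naive_client_ip(remote_addr, headers):
    """The vulnerable pattern: whatever the request claims is taken as the client IP.

    Anyone can send 'X-Forwarded-For: 127.0.0.1' and be treated as localhost,
    defeating IP allow-lists, rate limits and audit logging.
    """
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip(remote_addr, headers, trusted_proxies=TRUSTED_PROXIES):
    """Derive the client IP by trusting only hops that a trusted proxy appended.

    Each proxy appends the peer address it saw, so the chain
    [header entries..., remote_addr] is most trustworthy on the right. Walk from
    the right, skip our own proxies, and the first untrusted address is the
    client. If the TCP peer itself is not a trusted proxy the header is ignored
    entirely, so a direct connection cannot spoof anything.
    """
    xff = headers.get("X-Forwarded-For", "")
    chain = [hop.strip() for hop in xff.split(",") if hop.strip()] + [remote_addr]
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            raise ValueError(f"malformed X-Forwarded-For hop: {hop!r}") from None
        if not any(addr in net for net in trusted_proxies):
            return str(addr)
    # Every hop was one of our proxies (e.g. the proxy's own health check).
    return remote_addr


if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "127.0.0.1"}
    print("naive:", naive_client_ip("198.51.100.7", spoofed))   # attacker-chosen
    print("checked:", client_ip("198.51.100.7", spoofed))       # real peer
```

A direct connection from 198.51.100.7 carrying `X-Forwarded-For: 127.0.0.1` yields 127.0.0.1 from the naive lookup and 198.51.100.7 from the checked one; a request relayed by 203.0.113.10 with `10.0.0.5, 198.51.100.7` yields the attacker-prepended 10.0.0.5 from the naive lookup and 198.51.100.7 from the checked one. The trusted list must contain only proxies that overwrite or append to the header themselves; a proxy that passes the client's header through unchanged re-opens the hole.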
2023-02-27 CVE-2023-0331 Correos Unspecified vulnerability in Correos Oficial

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check or user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

7.5
2023-02-27 CVE-2023-25235 Tenda Out-of-bounds Write vulnerability in Tenda Ac500 Firmware 2.0.1.9(1307)

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid.

7.5
2023-02-27 CVE-2023-26758 Smeup Path Traversal vulnerability in Smeup ERP Tokyov6R1M220406

Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService.

7.5
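The Docmosis Tornado, STAGIL Navigation, Correos Oficial and Sme.UP entries above are all the same bug: a request-supplied name is joined to a resource directory and served without checking that the final path is still inside that directory. The code below is an added example for this report, not code from any of those products; the directory layout it builds is a constructed throwaway tree. It shows the unsafe join beside a containment check that resolves symlinks and compares whole path components, so `../`, absolute names and sibling directories with a shared prefix (`resources2` next to `resources`) are all rejected.

```python
import os
import shutil
import tempfile


def unsafe_resource_path(base_dir, name):
    """The vulnerable pattern: no containment check. '../' walks out of base_dir,
    and an absolute name makes os.path.join discard base_dir entirely."""
    return os.path.join(base_dir, name)


def is_contained(base_dir, name):
    """True if base_dir/name, after normalisation and symlink resolution, still
    lies inside base_dir. commonpath compares path components, so a string
    prefix such as /srv/resources2 does not pass for /srv/resources."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, candidate]) == base


def safe_resource_path(base_dir, name):
    """Resolve name inside base_dir or refuse. Call this with the fully decoded
    name (after URL decoding), never with the raw request string."""
    if not is_contained(base_dir, name):
        raise PermissionError(f"refusing to serve {name!r}: outside {base_dir}")
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), name))


def demo():
    """Build a temporary tree with one public file inside the resource directory
    and one secret file beside it, then show the two behaviours side by side."""
    root = tempfile.mkdtemp()
    try:
        base = os.path.join(root, "resources")
        os.mkdir(base)
        with open(os.path.join(base, "report.txt"), "w") as fh:
            fh.write("public")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("secret")

        results = {}
        with open(unsafe_resource_path(base, "../secret.txt")) as fh:
            results["unsafe_leaks"] = fh.read()
        try:
            safe_resource_path(base, "../secret.txt")
            results["safe_blocks"] = False
        except PermissionError:
            results["safe_blocks"] = True
        with open(safe_resource_path(base, "report.txt")) as fh:
            results["safe_serves"] = fh.read()
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: the check is only as good as the decoding that precedes it (`..%2f` must be decoded before the check, and not again after it), and resolving symlinks means a link inside the resource directory that points outside it is treated as an escape, which is usually what you want for a download endpoint.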
2023-02-27 CVE-2023-26760 Smeup Cleartext Storage of Sensitive Information vulnerability in Smeup ERP Tokyov6R1M220406

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint.

7.5
2023-02-27 CVE-2022-40237 IBM Improper Input Validation vulnerability in IBM MQ for HPE Nonstop 8.1.0

IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic.

7.5
2023-02-27 CVE-2023-23108 Crasm Project NULL Pointer Dereference vulnerability in Crasm Project Crasm

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.

7.5
2023-02-27 CVE-2023-23109 Crasm Project Divide By Zero vulnerability in Crasm Project Crasm

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.

7.5
2023-02-27 CVE-2022-34908 Aremis Improper Authentication vulnerability in Aremis 4 Nomads 1.5.0

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android.

7.5
2023-02-27 CVE-2023-26257 Covesa Memory Leak vulnerability in Covesa Dlt-Daemon

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8.

7.5
2023-03-01 CVE-2023-0460 Google Unsafe Reflection vulnerability in Google Youtube Android Player API 1.2/1.2.2

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App.

7.3
2023-03-03 CVE-2023-26213 Barracuda OS Command Injection vulnerability in Barracuda products

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands.

7.2
2023-03-03 CVE-2023-1165 Crmeb SQL Injection vulnerability in Crmeb 1.3.4

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4.

7.2
2023-03-01 CVE-2023-20009 Cisco Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their privilege level and gain root access.

7.2
2023-03-01 CVE-2023-22758 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface.

7.2
2023-03-01 CVE-2023-22759 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface.

7.2
2023-03-01 CVE-2023-22760 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface.

7.2
2023-03-01 CVE-2023-22761 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface.

7.2
2023-03-01 CVE-2023-22762 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22763 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22764 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22765 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22766 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22767 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22768 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22769 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-03-01 CVE-2023-22770 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2023-02-28 CVE-2023-25432 Online Reviewer Management System Project SQL Injection vulnerability in Online Reviewer Management System Project Online Reviewer Management System 1.0

An issue was discovered in Online Reviewer Management System v1.0.

7.2
2023-02-28 CVE-2023-27320 Sudo Project
Fedoraproject
Double Free vulnerability in multiple products

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

7.2
2023-02-27 CVE-2023-24249 Laravel Admin Unrestricted Upload of File with Dangerous Type vulnerability in Laravel-Admin 1.8.19

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

7.2
2023-02-27 CVE-2023-0278 Wpgeodirectory Unspecified vulnerability in Wpgeodirectory Geodirectory

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-02-27 CVE-2023-0279 Media Library Assistant Project Unspecified vulnerability in Media Library Assistant Project Media Library Assistant

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-02-27 CVE-2023-0487 Premio SQL Injection vulnerability in Premio MY Sticky Elements

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
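The GeoDirectory, Media Library Assistant and My Sticky Elements entries above share one root cause: a request parameter is spliced into SQL text instead of being bound as a parameter. The code below is an added example for this report, not code from those plugins; it uses an in-memory SQLite table with constructed rows to stand in for the plugin's messages table, and the WordPress-side equivalent of the hardened version is `$wpdb->prepare()` with a `%d` placeholder. It shows the vulnerable delete, binding alone, and binding plus type validation.

```python
import sqlite3


def new_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO messages (body) VALUES (?)",
                   [("first",), ("second",), ("third",)])
    return db


def remaining(db):
    return db.execute("SELECT COUNT(*) FROM messages").fetchone()[0]


def delete_message_vulnerable(db, message_id):
    """The vulnerable pattern: the parameter is spliced into the SQL text. An id of
    '1 OR 1=1' becomes 'WHERE id = 1 OR 1=1' and empties the table."""
    db.execute(f"DELETE FROM messages WHERE id = {message_id}")
    return remaining(db)


def delete_message_bound_only(db, message_id):
    """Binding alone already defeats the injection: the payload reaches the engine
    as an opaque value compared against id, matches nothing, and nothing is deleted."""
    db.execute("DELETE FROM messages WHERE id = ?", (message_id,))
    return remaining(db)


def delete_message_safe(db, message_id):
    """Hardened: enforce the expected type first, then bind. Rejecting bad input
    up front gives a clean error instead of a silent no-op."""
    try:
        message_id = int(message_id)
    except (TypeError, ValueError):
        raise ValueError("message_id must be an integer") from None
    db.execute("DELETE FROM messages WHERE id = ?", (message_id,))
    return remaining(db)


def demo():
    """Run the same payload through all three variants and report what is left."""
    payload = "1 OR 1=1"
    results = {
        "vulnerable_rows_left": delete_message_vulnerable(new_db(), payload),
        "bound_rows_left": delete_message_bound_only(new_db(), payload),
        "safe_rows_left": delete_message_safe(new_db(), "2"),
    }
    try:
        delete_message_safe(new_db(), payload)
        results["safe_rejects_payload"] = False
    except ValueError:
        results["safe_rejects_payload"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant leaves zero rows, the bound variant leaves all three, and the validated variant deletes exactly the requested row and raises on the payload. The entries above are rated for admin-level attackers, which is still worth fixing: an admin SQL injection turns a stolen or phished admin session into database-wide read and write access rather than just the plugin's own settings.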
2023-02-27 CVE-2023-26609 Abus Unspecified vulnerability in Abus Tvip 20000-21150 Firmware

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

7.2
2023-02-28 CVE-2023-25540 Dell Incorrect Default Permissions vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability.

7.1
2023-02-28 CVE-2020-36652 Hitachi Incorrect Default Permissions vulnerability in Hitachi products

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

7.1
2023-02-28 CVE-2022-3884 Hitachi Incorrect Default Permissions vulnerability in Hitachi OPS Center Analyzer 10.9.000

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.

7.1
2023-02-27 CVE-2023-1070 Teampass External Control of File Name or Path vulnerability in Teampass

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.

7.1
2023-03-03 CVE-2023-27561 Linuxfoundation
Redhat
Debian
Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.

7.0

243 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-01 CVE-2023-25931 Medtronic Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix.

6.8
2023-02-28 CVE-2023-20857 Vmware Missing Authentication for Critical Function vulnerability in VMWare Workspace ONE Content 3.20/3.20.1/3.21

VMware Workspace ONE Content contains a passcode bypass vulnerability.

6.8
2023-03-02 CVE-2023-25536 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell Powerscale Onefs

Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor.

6.7
2023-03-01 CVE-2023-20075 Cisco OS Command Injection vulnerability in Cisco Email Security Appliance

A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI.

6.7
2023-02-28 CVE-2022-20551 Google Unspecified vulnerability in Google Android 12.0/12.1/13.0

In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code.

6.7
2023-03-04 CVE-2023-1175 VIM Incorrect Calculation of Buffer Size vulnerability in VIM

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

6.6
2023-03-03 CVE-2023-1170 VIM Heap-based Buffer Overflow vulnerability in VIM

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.

6.6
2023-03-04 CVE-2023-26481 Goauthentik Insufficient Verification of Data Authenticity vulnerability in Goauthentik Authentik

authentik is an open-source Identity Provider.

6.5
2023-03-03 CVE-2023-26488 Openzeppelin Incorrect Calculation vulnerability in Openzeppelin Contracts and Contracts Upgradeable

OpenZeppelin Contracts is a library for secure smart contract development.

6.5
2023-03-03 CVE-2023-20061 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system.

6.5
2023-03-03 CVE-2023-1163 Draytek Path Traversal vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical.

6.5
2023-03-02 CVE-2023-26473 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

6.5
2023-03-02 CVE-2023-26479 Xwiki Improper Handling of Exceptional Conditions vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

6.5
2023-03-02 CVE-2021-45477 Yordam Unspecified vulnerability in Yordam Library Automation System

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.

6.5
2023-03-02 CVE-2021-45478 Yordam Unspecified vulnerability in Yordam Library Automation System

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2.

6.5
2023-03-02 CVE-2023-25155 Redis Integer Overflow or Wraparound vulnerability in Redis

Redis is an in-memory database that persists on disk.

6.5
2023-03-01 CVE-2023-22738 Vantage6 Improper Preservation of Permissions vulnerability in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange.

6.5
2023-03-01 CVE-2023-24117 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24118 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24119 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24120 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24121 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24122 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24123 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24124 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24125 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24126 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24127 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24128 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24129 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24130 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24131 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24132 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24133 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2023-24134 Heimgardtechnologies Out-of-bounds Write vulnerability in Heimgardtechnologies Eagle 1200Ac Firmware 15.03.06.33

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.

6.5
2023-03-01 CVE-2022-3162 Kubernetes Path Traversal vulnerability in Kubernetes

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization.

6.5
2023-03-01 CVE-2022-39228 Vantage6 Information Exposure Through Discrepancy vulnerability in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange.

6.5
2023-03-01 CVE-2023-24567 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Networker

Dell NetWorker versions 19.5 and earlier contain a 'RabbitMQ' version disclosure vulnerability.

6.5
2023-03-01 CVE-2023-24751 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc.

6.5
2023-03-01 CVE-2023-25544 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell EMC Networker

Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability.

6.5
2023-03-01 CVE-2023-23973 A3Rev Cross-Site Request Forgery (CSRF) vulnerability in A3Rev Contact US Page - Contact People

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.

6.5
2023-03-01 CVE-2023-0952 Devolutions Incorrect Authorization vulnerability in Devolutions Server

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization.

6.5
2023-03-01 CVE-2023-22772 Arubanetworks Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface.

6.5
2023-03-01 CVE-2023-22773 Arubanetworks Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface.

6.5
2023-03-01 CVE-2023-22774 Arubanetworks Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface.

6.5
2023-03-01 CVE-2023-22775 Arubanetworks Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface.

6.5
2023-03-01 CVE-2023-22777 Arubanetworks Exposure of Resource to Wrong Sphere vulnerability in Arubanetworks Arubaos and Sd-Wan

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface.

6.5
2023-03-01 CVE-2023-24045 Dataiku Unrestricted Upload of File with Dangerous Type vulnerability in Dataiku Data Science Studio

In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request.

6.5
2023-02-28 CVE-2022-23240 Netapp Unspecified vulnerability in Netapp Active IQ Unified Manager

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.

6.5
2023-02-28 CVE-2023-25575 API Platform Incorrect Authorization vulnerability in Api-Platform Core

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs.

6.5
2023-02-27 CVE-2023-26043 Geosolutionsgroup XXE vulnerability in Geosolutionsgroup Geonode

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data.

6.5
2023-02-27 CVE-2022-32784 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved UI handling.

6.5
2023-02-27 CVE-2023-23512 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved handling of caches.

6.5
2023-02-27 CVE-2023-27263 Mattermost Missing Authorization vulnerability in Mattermost

A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.

6.5
2023-02-27 CVE-2023-27264 Mattermost Missing Authorization vulnerability in Mattermost

A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.

6.5
2023-02-27 CVE-2022-31405 MV Idigital Clinic Enterprise Project Cleartext Storage of Sensitive Information vulnerability in MV Idigital Clinic Enterprise Project MV Idigital Clinic Enterprise 1.0

MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.

6.5
2023-02-27 CVE-2022-32844 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved state handling.

6.3
2023-03-01 CVE-2023-0567 PHP Use of Password Hash With Insufficient Computational Effort vulnerability in PHP

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid.

6.2
2023-03-05 CVE-2023-27641 Lsoft Cross-site Scripting vulnerability in Lsoft Listserv

The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.

6.1
2023-03-05 CVE-2014-125092 Maxfoundry Cross-site Scripting vulnerability in Maxfoundry Maxbuttons

A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic.

6.1
2023-03-05 CVE-2022-4927 Ualberta Unspecified vulnerability in Ualberta Neosdiscovery 1.0.70

A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic.

6.1
2023-03-05 CVE-2015-10089 Flame JS Project Cross-site Scripting vulnerability in Flame.Js Project Flame.Js

A vulnerability classified as problematic has been found in flame.js.

6.1
2023-03-05 CVE-2023-1180 Health Center Patient Record Management System Project Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0

A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic.

6.1
2023-03-05 CVE-2008-10002 Ajaxlife Project Cross-site Scripting vulnerability in Ajaxlife Project Ajaxlife

A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic.

6.1
2023-03-04 CVE-2014-125090 Media Downloader Project Cross-site Scripting vulnerability in Media Downloader Project Media Downloader 0.1.992

A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress.

6.1
2023-03-04 CVE-2020-36665 Seotool Project Open Redirect vulnerability in Seotool Project Seotool

A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical.

6.1
2023-03-04 CVE-2020-36664 Seotool Project Open Redirect vulnerability in Seotool Project Seotool

A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic.

6.1
2023-03-04 CVE-2020-36663 Seotool Project Open Redirect vulnerability in Seotool Project Seotool

A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1.

6.1
2023-03-04 CVE-2023-26486 Vega Functions Project, Vega Project Cross-site Scripting vulnerability in multiple products

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.

6.1
2023-03-04 CVE-2023-26487 Vega Functions Project, Vega Project Cross-site Scripting vulnerability in multiple products

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, passing an array consisting of the 2nd and 3rd arguments as the `push` call argument.

6.1
2023-03-03 CVE-2023-26047 Kitabisa Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Kitabisa Teler-Waf

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks.

6.1
2023-03-03 CVE-2023-26491 Rsshub Cross-site Scripting vulnerability in Rsshub 20210125/20230110

RSSHub is an open source and extensible RSS feed generator.

6.1
2023-03-03 CVE-2023-0968 Kibokolabs Unspecified vulnerability in Kibokolabs Watu Quiz

The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn', 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping.

6.1
2023-03-03 CVE-2023-23313 Draytek Cross-site Scripting vulnerability in Draytek products

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal.

6.1
2023-03-03 CVE-2022-2837 Coredns IO Open Redirect vulnerability in Coredns.Io Coredns

A flaw was found in coreDNS.

6.1
2023-03-03 CVE-2023-20104 Cisco Cross-site Scripting vulnerability in Cisco Webex Teams

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

6.1
2023-03-03 CVE-2023-0577 Asosegitim Cross-site Scripting vulnerability in Asosegitim Sobiad

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01.

6.1
2023-03-03 CVE-2023-0578 Asosegitim Cross-site Scripting vulnerability in Asosegitim Bookcites

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book Cites: before 23.01.05.

6.1
2023-03-02 CVE-2023-0084 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping.

6.1
2023-03-02 CVE-2023-1156 Health Center Patient Record Management System Project Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0

A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0.

6.1
2023-03-02 CVE-2023-1106 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.

6.1
2023-03-02 CVE-2023-26046 Kitabisa Cross-site Scripting vulnerability in Kitabisa Teler-Waf 0.0.1/0.1.0

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks.

6.1
2023-03-01 CVE-2023-1131 Computer Parts Sales AND Inventory System Project Cross-site Scripting vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0

A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic.

6.1
2023-03-01 CVE-2022-4901 Sophos Cross-site Scripting vulnerability in Sophos Connect

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

6.1
2023-03-01 CVE-2023-20053 Cisco Cross-site Scripting vulnerability in Cisco Nexus Dashboard

A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation.

6.1
2023-03-01 CVE-2023-20085 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine 3.2

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device.

6.1
2023-03-01 CVE-2022-38220 Quest Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.

6.1
2023-02-28 CVE-2023-27293 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire, which would then be executed when an authenticated user reviews the candidate's submission.

6.1
2023-02-28 CVE-2023-1080 Gnpublisher Unspecified vulnerability in Gnpublisher GN Publisher

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping.

6.1
2023-02-27 CVE-2022-32891 Apple Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple products

The issue was addressed with improved UI handling.

6.1
2023-02-27 CVE-2023-0043 ADD User Project Cross-site Scripting vulnerability in ADD User Project ADD User

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-02-27 CVE-2023-0334 Shortpixel Unspecified vulnerability in Shortpixel Adaptive Images

The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin.

6.1
2023-02-27 CVE-2022-45137 Wago Cross-site Scripting vulnerability in Wago products

The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser.

6.1
2023-02-27 CVE-2023-26042 Part DB Project Cross-site Scripting vulnerability in Part-Db Project Part-Db

Part-DB is an open source inventory management system for your electronic components.

6.1
2023-02-27 CVE-2021-32302 IRZ Cross-site Scripting vulnerability in IRZ Ruh2 Firmware

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows an attacker to obtain sensitive information via the Upload File parameter.

6.1
2023-02-28 CVE-2023-27371 GNU Out-of-bounds Read vulnerability in GNU Libmicrohttpd

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method.

5.9
2023-02-27 CVE-2021-46841 Apple Unspecified vulnerability in Apple Music 3.5.0

This issue was addressed by using HTTPS when sending information over the network.

5.9
2023-02-27 CVE-2023-23520 Apple Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple Ipados and Iphone OS

A race condition was addressed with additional validation.

5.9
2023-03-05 CVE-2023-26510 Ghost Missing Authorization vulnerability in Ghost 5.35.0

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor.

5.7
2023-03-04 CVE-2021-36689 Samourai Wallet Android Project Weak Password Requirements vulnerability in Samourai-Wallet-Android Project Samourai-Wallet-Android 0.99.96I

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file.

5.5
2023-03-03 CVE-2022-4645 Libtiff Out-of-bounds Read vulnerability in Libtiff

LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2023-03-03 CVE-2023-1160 Agentejo Use of Platform-Dependent Third Party Components vulnerability in Agentejo Cockpit

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.

5.5
2023-03-02 CVE-2023-1157 ELF Parser Project Improper Resource Shutdown or Release vulnerability in Elf-Parser Project Elf-Parser

A vulnerability, which was classified as problematic, was found in finixbit elf-parser.

5.5
2023-03-01 CVE-2023-23001 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-03-01 CVE-2023-23002 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-03-01 CVE-2023-23004 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-03-01 CVE-2023-23005 Linux, Suse NULL Pointer Dereference vulnerability in multiple products

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-03-01 CVE-2023-23006 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-03-01 CVE-2022-48310 Sophos Cleartext Storage of Sensitive Information vulnerability in Sophos Connect

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.

5.5
2023-03-01 CVE-2022-36021 Redis Algorithmic Complexity vulnerability in Redis

Redis is an in-memory database that persists on disk.

5.5
2023-03-01 CVE-2023-24752 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc.

5.5
2023-03-01 CVE-2023-24754 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc.

5.5
2023-03-01 CVE-2023-24755 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc.

5.5
2023-03-01 CVE-2023-24756 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc.

5.5
2023-03-01 CVE-2023-24757 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc.

5.5
2023-03-01 CVE-2023-24758 Struktur, Debian NULL Pointer Dereference vulnerability in multiple products

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc.

5.5
2023-03-01 CVE-2022-37935 HP Unspecified vulnerability in HP Oneview for VMWare Vcenter

HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password.

5.5
2023-02-28 CVE-2023-1095 Linux, Redhat NULL Pointer Dereference vulnerability in multiple products

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object.

5.5
2023-02-28 CVE-2023-22996 Linux Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.

5.5
2023-02-28 CVE-2023-22997 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-02-28 CVE-2023-22998 Linux Interpretation Conflict vulnerability in Linux Kernel

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-02-28 CVE-2023-22999 Linux NULL Pointer Dereference vulnerability in Linux Kernel

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

5.5
2023-02-28 CVE-2022-41727 Golang, Fedoraproject Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.

5.5
2023-02-28 CVE-2023-1018 Trustedcomputinggroup Out-of-bounds Read vulnerability in Trustedcomputinggroup Trusted Platform Module 2.0

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine.

5.5
2023-02-28 CVE-2022-20455 Google Resource Exhaustion vulnerability in Google Android

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion.

5.5
2023-02-28 CVE-2022-20481 Google Unspecified vulnerability in Google Android

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset.

5.5
2023-02-28 CVE-2021-22283 ABB Improper Initialization vulnerability in ABB products

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit - SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit - SMU615: from 1.0.0 before 1.0.2.

5.5
2023-02-27 CVE-2023-1055 Redhat, Fedoraproject Improper Certificate Validation vulnerability in multiple products

A flaw was found in RHDS 11 and RHDS 12.

5.5
2023-02-27 CVE-2022-22582 Apple Link Following vulnerability in Apple mac OS X and Macos

A validation issue existed in the handling of symlinks.

5.5
2023-02-27 CVE-2022-22668 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

5.5
2023-02-27 CVE-2022-32824 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-02-27 CVE-2022-32855 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved state management.

5.5
2023-02-27 CVE-2022-32896 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by enabling hardened runtime.

5.5
2023-02-27 CVE-2022-32902 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.5
2023-02-27 CVE-2022-46704 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.5
2023-02-27 CVE-2023-23499 Apple Unspecified vulnerability in Apple products

This issue was addressed by enabling hardened runtime.

5.5
2023-02-27 CVE-2023-23500 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-02-27 CVE-2023-23501 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple Macos

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2.

5.5
2023-02-27 CVE-2023-23502 Apple Unspecified vulnerability in Apple products

An information disclosure issue was addressed by removing the vulnerable code.

5.5
2023-02-27 CVE-2023-23503 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2023-02-27 CVE-2023-23506 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with improved validation.

5.5
2023-02-27 CVE-2023-23508 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2023-02-27 CVE-2023-23510 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed with improved validation.

5.5
2023-02-27 CVE-2023-23511 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

5.5
2023-02-27 CVE-2023-23522 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved handling of temporary files.

5.5
2023-02-27 CVE-2022-48305 Huawei Unspecified vulnerability in Huawei Simba-Al00 Firmware 1.1.1.274

There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274.

5.5
2023-02-27 CVE-2022-34910 Aremis Cleartext Storage of Sensitive Information vulnerability in Aremis 4 Nomads

An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android.

5.5
2023-03-05 CVE-2006-10001 Pluginmirror Cross-site Scripting vulnerability in Pluginmirror Subscribe to Comments

A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress.

5.4
2023-03-05 CVE-2023-1181 Easyimages2.0 Project Cross-site Scripting vulnerability in Easyimages2.0 Project Easyimages2.0

Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.

5.4
2023-03-05 CVE-2023-1179 Computer Parts Sales AND Inventory System Project Cross-site Scripting vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0.

5.4
2023-03-03 CVE-2023-23927 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS

Craft is a platform for creating digital experiences.

5.4
2023-03-03 CVE-2023-20069 Cisco Cross-site Scripting vulnerability in Cisco Prime Infrastructure

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.

5.4
2023-03-02 CVE-2022-35645 IBM Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting.

5.4
2023-03-02 CVE-2023-26056 Xwiki Incorrect Authorization vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

5.4
2023-03-02 CVE-2023-1155 Nicdark Unspecified vulnerability in Nicdark Cost Calculator

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping.

5.4
2023-03-02 CVE-2023-26480 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

5.4
2023-03-02 CVE-2021-45479 Yordam Cross-site Scripting vulnerability in Yordam Library Automation System

Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2.

5.4
2023-03-02 CVE-2023-1149 Btcpayserver Improper Neutralization of Equivalent Special Elements vulnerability in Btcpayserver Btcpay Server

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.

5.4
2023-03-02 CVE-2023-1146 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.

5.4
2023-03-02 CVE-2023-1147 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

5.4
2023-03-02 CVE-2023-1107 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

5.4
2023-03-02 CVE-2023-22462 Grafana Cross-site Scripting vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

5.4
2023-03-01 CVE-2023-0507 Grafana Cross-site Scripting vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

5.4
2023-03-01 CVE-2023-0594 Grafana Cross-site Scripting vulnerability in Grafana

Grafana is an open-source platform for monitoring and observability.

5.4
2023-03-01 CVE-2022-46798 Hasthemes Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

5.4
2023-03-01 CVE-2022-46805 Wptrio Cross-Site Request Forgery (CSRF) vulnerability in Wptrio Conditional Shipping for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets.

5.4
2023-03-01 CVE-2022-45804 Robogallery Cross-Site Request Forgery (CSRF) vulnerability in Robogallery Robo Gallery

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, including plugin deactivation and activation.

5.4
2023-03-01 CVE-2023-1115 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

5.4
2023-03-01 CVE-2023-1116 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

5.4
2023-03-01 CVE-2023-1117 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

5.4
2023-03-01 CVE-2023-23974 Fullworksplugins Cross-Site Request Forgery (CSRF) vulnerability in Fullworksplugins Quick Event Manager

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

5.4
2023-03-01 CVE-2023-23984 WOW Company Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

5.4
2023-03-01 CVE-2023-1104 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

5.4
2023-03-01 CVE-2023-26608 Vxcontrol Cross-site Scripting vulnerability in Vxcontrol Soldr 1.1.0

SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor.

5.4
2023-02-28 CVE-2023-27292 Opencats Open Redirect vulnerability in Opencats 0.9.6

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.

5.4
2023-02-28 CVE-2023-27294 Opencats Cross-site Scripting vulnerability in Opencats 0.9.6

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event.

5.4
2023-02-28 CVE-2023-27295 Opencats Cross-Site Request Forgery (CSRF) vulnerability in Opencats 0.9.6

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests.

5.4
2023-02-28 CVE-2023-25807 Dataease Cross-site Scripting vulnerability in Dataease

DataEase is an open source data visualization and analysis tool.

5.4
2023-02-28 CVE-2023-23983 Wpdevart Cross-Site Request Forgery (CSRF) vulnerability in Wpdevart Responsive Vertical Icon Menu

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.

5.4
2023-02-27 CVE-2022-4679 Wufoo Unspecified vulnerability in Wufoo Shortcode

The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2022-4757 List Pages Shortcode Project Unspecified vulnerability in List Pages Shortcode Project List Pages Shortcode

The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-27 CVE-2022-4788 Embed PDF Project Unspecified vulnerability in Embed PDF Project Embed PDF

The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2022-4795 Galleries BY Angie Makes Project Unspecified vulnerability in Galleries BY Angie Makes Project Galleries BY Angie Makes

The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2022-4829 Show Hide Collapse Expand Project Unspecified vulnerability in Show-Hide / Collapse-Expand Project Show-Hide / Collapse-Expand

The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

5.4
2023-02-27 CVE-2023-0168 Olevmedia Unspecified vulnerability in Olevmedia Shortcodes

The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2023-0230 Vektor INC Unspecified vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2023-0535 Donation Block FOR Paypal Project Unspecified vulnerability in Donation Block for Paypal Project Donation Block for Paypal

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-02-27 CVE-2023-0539 Gsplugins Cross-site Scripting vulnerability in Gsplugins GS Insever Portfolio

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
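The run of WordPress entries above (Wufoo Shortcode, List Pages Shortcode, Embed PDF, Galleries by Angie Makes, Show-Hide / Collapse-Expand, Olevmedia Shortcodes, VK All in One Expansion Unit, Donation Block For PayPal, GS Insever Portfolio) all share one root cause: a shortcode or block attribute that a contributor typed into a post is written back into the rendered page without escaping. The following is an added example written for this report, not code from any of those plugins: a deliberately vulnerable shortcode handler next to the hardened form. The shortcode name, attribute names and the attacker input are constructed for illustration. The guarded stand-ins at the top emulate WordPress's `esc_attr()`, `esc_url()`, `absint()` and `shortcode_atts()` so the file runs from the PHP CLI; inside WordPress the real functions are used and the stand-ins are skipped.

```php
<?php
// Added example, not a listed plugin's code. Stand-ins for WordPress helpers
// so the file runs outside WordPress (assumption: run with `php` from the CLI).
if (!function_exists('esc_attr')) {
    function esc_attr(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    function esc_url(string $url): string {
        // Allow only http(s) or scheme-less URLs; javascript:/data: become ''.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($scheme !== '' && $scheme !== 'http' && $scheme !== 'https') {
            return '';
        }
        return esc_attr($url);
    }
}
if (!function_exists('absint')) {
    function absint($v): int { return abs((int) $v); }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, array $atts): array {
        // Keep only attribute names the handler declared, fill in defaults for the rest.
        return array_merge($pairs, array_intersect_key($atts, $pairs));
    }
}

// VULNERABLE: every attribute value goes straight into HTML. A contributor
// cannot use <script> in post content, but an attribute like
//   [embed_pdf title='" onmouseover="alert(document.cookie)']
// closes the title attribute and adds an event handler that fires for any
// reader of the post, including administrators.
function embed_pdf_vulnerable(array $atts): string {
    return '<iframe src="' . $atts['url'] . '" title="' . $atts['title']
        . '" width="' . $atts['width'] . '"></iframe>';
}

// HARDENED: declare the accepted attribute names, coerce numeric values, and
// escape each value for the context it is printed into (URL vs. attribute).
function embed_pdf_hardened(array $atts): string {
    $a   = shortcode_atts(['url' => '', 'title' => '', 'width' => '600'], $atts);
    $url = esc_url($a['url']);
    if ($url === '') {
        return ''; // refuse non-http(s) or empty sources rather than emit a broken frame
    }
    return '<iframe src="' . $url . '" title="' . esc_attr($a['title'])
        . '" width="' . absint($a['width']) . '"></iframe>';
}

// Constructed attacker input, as a contributor-role user could save it in a post.
$payload = [
    'url'    => 'https://docs.example/brochure.pdf',
    'title'  => '" onmouseover="alert(document.cookie)',
    'width'  => '600px; expression(1)',
    'onload' => 'alert(1)',   // unknown attribute: shortcode_atts() drops it
];

echo embed_pdf_vulnerable($payload), "\n";
echo embed_pdf_hardened($payload), "\n";
```

In the vulnerable output the double quote in `title` terminates the attribute and `onmouseover` becomes a live handler; in the hardened output it is rendered as `&quot;` inside the attribute, `width` is reduced to `600`, and the undeclared `onload` attribute never reaches the markup. The same rule applies to block options (the VK All in One Expansion Unit entry): escape at the point of output, choosing the escaper for the context.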
2023-02-27 CVE-2023-0552 Genetechsolutions Unspecified vulnerability in Genetechsolutions PIE Register

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.

5.4
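Both the Registration Forms entry just above and the OpenCATS open redirect (CVE-2023-27292) come down to a login or logout handler that forwards the user wherever a request parameter says. The check below is an added example for this report, not code from either project; inside WordPress the equivalent is `wp_safe_redirect()`, which relies on `wp_validate_redirect()` and an allowed-host list. The site host `example.com` and the probe inputs are constructed. It rejects the usual bypasses for a naive "starts with /" or "contains our hostname" test: scheme-relative `//host`, the backslash variant browsers tolerate, suffix-matching hosts, userinfo tricks, non-HTTP schemes and CR/LF for header injection.

```php
<?php
// Added example, not the plugin's code. Returns a redirect target that stays on
// $ownHost, or $fallback when the supplied value cannot be trusted.
function safe_redirect_target(string $raw, string $ownHost, string $fallback = '/'): string {
    $url = trim($raw);
    if ($url === '' || strpbrk($url, "\r\n") !== false) {
        return $fallback;            // empty, or a header-injection attempt
    }
    // Browsers treat backslashes as slashes; normalise first so "/\evil" is
    // seen for what it is instead of passing as a relative path.
    $url = str_replace('\\', '/', $url);

    if ($url[0] === '/') {
        // "/path" stays local; "//host/path" is scheme-relative and leaves the site.
        return (strlen($url) > 1 && $url[1] === '/') ? $fallback : $url;
    }

    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return $fallback;            // "javascript:", "data:", "evil.example/x", garbage
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return $fallback;            // https://example.com@evil.example/ style confusion
    }
    // Exact, case-insensitive host match: "example.com.evil.example" does not pass.
    if (strcasecmp($p['host'], $ownHost) !== 0) {
        return $fallback;
    }
    return $url;
}

// Constructed probes; the comment names the trick each one relies on.
$own    = 'example.com';
$inputs = [
    '/my-account',                                 // plain relative path
    'https://example.com/my-account',              // absolute, same host
    '//evil.example/phish',                        // scheme-relative
    '/\\evil.example/phish',                       // backslash form of the same
    'https://example.com.evil.example/',           // suffix-match trap
    'https://example.com@evil.example/',           // userinfo trap
    'javascript:alert(1)',                         // non-HTTP scheme
    "https://example.com/\r\nSet-Cookie: a=b",     // CR/LF injection
];
foreach ($inputs as $in) {
    $shown = str_replace(["\r", "\n"], ['\r', '\n'], $in);
    printf("%-44s -> %s\n", $shown, safe_redirect_target($in, $own));
}
```

Only the first two probes are returned unchanged; every other one falls back to `/`. Whatever the framework, the decision should be made against an exact host (or path) allow-list, never against a substring of the requested URL.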
2023-02-27 CVE-2023-23157 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul ART Gallery Management System 1.0

A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.

5.4
2023-02-27 CVE-2023-23158 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul ART Gallery Management System 1.0

A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page.

5.4
2023-02-27 CVE-2023-24251 Wangeditor Cross-site Scripting vulnerability in Wangeditor

WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js.

5.4
2023-02-27 CVE-2023-24651 Simple Customer Relationship Management System Project SQL Injection vulnerability in Simple Customer Relationship Management System Project Simple Customer Relationship Management System 1.0

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page.

5.4
2023-02-27 CVE-2023-22860 IBM Cross-site Scripting vulnerability in IBM Cloud PAK for Business Automation

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting.

5.4
2023-02-27 CVE-2023-1067 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

5.4
2023-03-05 CVE-2023-0734 Wallabag Improper Authorization vulnerability in Wallabag

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.

5.3
2023-03-04 CVE-2023-25819 Discourse Information Exposure vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.3
2023-03-03 CVE-2023-26483 Gosaml2 Project Unspecified vulnerability in Gosaml2 Project Gosaml2

gosaml2 is a Pure Go implementation of SAML 2.0.

5.3
2023-03-02 CVE-2023-26052 Saleor Information Exposure Through an Error Message vulnerability in Saleor

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences.

5.3
2023-03-02 CVE-2023-0085 Wpmet Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1.

5.3
2023-03-02 CVE-2023-25806 Amazon Information Exposure Through Discrepancy vulnerability in Amazon Opensearch and Opensearch Security

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization.

5.3
2023-03-01 CVE-2022-20952 Cisco Unspecified vulnerability in Cisco Asyncos

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. This vulnerability exists because malformed, encoded traffic is not properly detected.

5.3
2023-03-01 CVE-2023-20052 Cisco, Clamav, Stormshield XML Entity Expansion vulnerability in multiple products

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection.

5.3
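The ClamAV entry above pins the cause on "enabling XML entity substitution": in libxml2 terms, parsing with `XML_PARSE_NOENT`, which makes the parser resolve `SYSTEM` entities, including `file://` ones, and splice the result into the document. PHP's `DOMDocument` wraps the same library and exposes that flag as `LIBXML_NOENT`, so the pattern can be shown without C. This is an added example for this report, not ClamAV's parser code; the plist-style payload is constructed and `/etc/hostname` is an assumed readable file on a Linux host.

```php
<?php
// Added example, not ClamAV's code. Constructed payload: the internal DTD subset
// declares an external entity pointing at a local file, and the body uses it.
$payload = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE plist [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<plist><dict><key>name</key><string>&xxe;</string></dict></plist>
XML;

// VULNERABLE: LIBXML_NOENT (XML_PARSE_NOENT in C) asks libxml2 to substitute
// entities, so the file is opened and its contents land in <string>.
function parse_vulnerable(string $xml): ?string {
    $dom = new DOMDocument();
    if (!@$dom->loadXML($xml, LIBXML_NOENT)) {
        return null;
    }
    $node = $dom->getElementsByTagName('string')->item(0);
    return $node ? $node->textContent : null;
}

// HARDENED: a manifest has no legitimate need for a DTD, so reject any DOCTYPE
// before the parser sees it, never pass LIBXML_NOENT, and add LIBXML_NONET so a
// later flag change still cannot reach the network. The doctype check after
// loading is belt-and-braces against encodings that defeat the text match.
function parse_hardened(string $xml): ?string {
    if (preg_match('/<!DOCTYPE/i', $xml)) {
        return null;
    }
    $dom = new DOMDocument();
    if (!@$dom->loadXML($xml, LIBXML_NONET)) {
        return null;
    }
    if ($dom->doctype !== null) {
        return null;
    }
    $node = $dom->getElementsByTagName('string')->item(0);
    return $node ? $node->textContent : null;
}

var_dump(parse_vulnerable($payload));
var_dump(parse_hardened($payload));
```

Run on a Linux host, the first call returns the machine's hostname as the element text, which is the information-disclosure path the advisory describes; the second returns `null` because the DOCTYPE is refused. When the parser is embedded in a scanner or any other service that processes attacker-supplied files, the DOCTYPE ban is the control to keep even after the offending flag is removed.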
2023-02-28 CVE-2023-1065 Snyk Improper Authentication vulnerability in Snyk Kubernetes Monitor

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues.

5.3
2023-02-27 CVE-2020-9846 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.3
2023-02-27 CVE-2022-32906 Apple Unspecified vulnerability in Apple Music 3.4.0/3.5.0

This issue was addressed with using HTTPS when sending information over the network.

5.3
2023-02-27 CVE-2022-45139 Wago Origin Validation Error vulnerability in Wago products

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver.

5.3
2023-03-01 CVE-2023-22776 Arubanetworks Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan

An authenticated path traversal vulnerability exists in the ArubaOS command line interface.

4.9
2023-03-02 CVE-2023-1148 Flatpress Cross-site Scripting vulnerability in Flatpress

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

4.8
2023-03-01 CVE-2023-1113 Simple Payroll System With Dynamic TAX Bracket Project Cross-site Scripting vulnerability in Simple Payroll System With Dynamic TAX Bracket Project Simple Payroll System With Dynamic TAX Bracket 1.0

A vulnerability was found in SourceCodester Simple Payroll System 1.0.

4.8
2023-03-01 CVE-2023-22778 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Arubaos and Sd-Wan

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

4.8
2023-02-28 CVE-2022-23239 Netapp Cross-site Scripting vulnerability in Netapp Active IQ Unified Manager

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.

4.8
2023-02-28 CVE-2023-25431 Online Reviewer Management System Project Cross-site Scripting vulnerability in Online Reviewer Management System Project Online Reviewer Management System 1.0

An issue was discovered in Online Reviewer Management System v1.0.

4.8
2023-02-28 CVE-2023-1081 Microweber Cross-site Scripting vulnerability in Microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.

4.8
2023-02-27 CVE-2023-0543 Kibokolabs Unspecified vulnerability in Kibokolabs Arigato Autoresponder and Newsletter

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2023-02-27 CVE-2023-0548 Kibokolabs Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS

The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-03-01 CVE-2022-27672 AMD Unspecified vulnerability in AMD products

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

4.7
2023-02-27 CVE-2022-46713 Apple Race Condition vulnerability in Apple Macos

A race condition was addressed with additional validation.

4.7
2023-03-02 CVE-2022-40633 Rittal Unspecified vulnerability in Rittal CMC III Firmware

A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.

4.6
2023-02-27 CVE-2022-48254 Huawei Unspecified vulnerability in Huawei Leia-B29 Firmware 2.0.0.49(M03)

There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03).

4.6
2023-03-03 CVE-2022-2835 Coredns IO Unspecified vulnerability in Coredns.Io Coredns

A flaw was found in coreDNS.

4.4
2023-03-03 CVE-2023-20062 Cisco Server-Side Request Forgery (SSRF) vulnerability in Cisco products

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system.

4.3
2023-03-02 CVE-2023-26051 Saleor Information Exposure Through an Error Message vulnerability in Saleor

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences.

4.3
2023-03-01 CVE-2022-48309 Sophos Cross-Site Request Forgery (CSRF) vulnerability in Sophos Connect

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

4.3
2023-03-01 CVE-2022-46806 Villatheme Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.

4.3
2023-03-01 CVE-2022-47148 Wpovernight Cross-Site Request Forgery (CSRF) vulnerability in Wpovernight Woocommerce PDF Invoices & Packing Slips

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

4.3
2023-03-01 CVE-2022-38468 Imagely Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

4.3
2023-03-01 CVE-2022-40198 Standalonetech Cross-Site Request Forgery (CSRF) vulnerability in Standalonetech Terawallet

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change.

4.3
2023-03-01 CVE-2022-46797 Tatvic Cross-Site Request Forgery (CSRF) vulnerability in Tatvic Conversios.Io

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

4.3
2023-02-28 CVE-2022-47179 Ujsoftware Cross-Site Request Forgery (CSRF) vulnerability in Ujsoftware OWM Weather

Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.

4.3
2023-02-28 CVE-2022-47612 Xnau Cross-Site Request Forgery (CSRF) vulnerability in Xnau Participants Database

Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.

4.3
2023-02-28 CVE-2023-23865 Checkoutplugins Cross-Site Request Forgery (CSRF) vulnerability in Checkoutplugins Stripe Payments for Woocommerce

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.

4.3
2023-02-28 CVE-2023-23992 Automatorwp Cross-Site Request Forgery (CSRF) vulnerability in Automatorwp 1.7.6/2.5.0

Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.

4.3
2023-02-28 CVE-2023-1022 Joomunited Unspecified vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3.

4.3
2023-02-28 CVE-2023-1023 Joomunited Unspecified vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3.

4.3
2023-02-28 CVE-2023-1024 Joomunited Unspecified vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3.

4.3
2023-02-28 CVE-2023-1026 Joomunited Unspecified vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3.

4.3
2023-02-28 CVE-2023-1027 Joomunited Missing Authorization vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3.

4.3
2023-02-28 CVE-2023-1028 Joomunited Unspecified vulnerability in Joomunited WP Meta SEO

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3.

4.3
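The six WP Meta SEO entries (a missing capability check on each of `wpmsGGSaveInformation`, `saveSitemapSettings`, `regenerateSitemaps`, `listPostsCategory` and `checkAllCategoryInSitemap`, plus a CSRF) and the long run of WordPress CSRF entries earlier in this section (ShopLentor, Conditional Shipping, Robo Gallery, Quick Event Manager, Bubble Menu, Responsive Vertical Icon Menu, Cart All In One, PDF Invoices & Packing Slips, NextGEN Gallery, TeraWallet, Conversios, OWM Weather, Participants Database, Stripe Payments, AutomatorWP) describe the same admin-ajax handler shape: a state-changing action reachable by any logged-in user, with no nonce and no capability test. The following is an added example written for this report, not WP Meta SEO's or any other plugin's code; the option name, action name and scenarios are constructed. The guarded stand-ins emulate `wp_verify_nonce()`, `wp_create_nonce()`, `current_user_can()` and `update_option()` so the file runs from the PHP CLI; inside WordPress the real functions are used (and `check_ajax_referer()` would die on a bad nonce instead of returning).

```php
<?php
// Added example, not a listed plugin's code. Simulated WordPress state so the
// file runs outside WordPress (assumption: `php` from the CLI).
$sim = ['caps' => [], 'secret' => 'constructed-secret', 'options' => []];

if (!function_exists('wp_create_nonce')) {
    function wp_create_nonce(string $action): string {
        // Real WP nonces also bind user ID and session; this is a reduced HMAC.
        return hash_hmac('sha256', $action, $GLOBALS['sim']['secret']);
    }
}
if (!function_exists('wp_verify_nonce')) {
    function wp_verify_nonce(string $nonce, string $action): bool {
        return hash_equals(wp_create_nonce($action), $nonce);
    }
}
if (!function_exists('current_user_can')) {
    function current_user_can(string $cap): bool {
        return in_array($cap, $GLOBALS['sim']['caps'], true);
    }
}
if (!function_exists('update_option')) {
    function update_option(string $name, $value): bool {
        $GLOBALS['sim']['options'][$name] = $value;
        return true;
    }
}

// VULNERABLE: in WordPress this would hang off add_action('wp_ajax_...'), which
// fires for every authenticated user. Nothing asks who is calling (a Subscriber
// can POST to it directly) or whether they meant to (an attacker's page can make
// an administrator's browser POST to it).
function wpms_save_sitemap_settings_vulnerable(array $post): string {
    update_option('wpms_sitemap_settings', $post['settings'] ?? []);
    return 'saved';
}

// HARDENED: anti-CSRF token, then authorization, then input validation.
function wpms_save_sitemap_settings_hardened(array $post): string {
    // 1. The request must carry a nonce minted for this exact action.
    if (!wp_verify_nonce((string) ($post['_wpnonce'] ?? ''), 'wpms_save_sitemap')) {
        return 'rejected: missing or invalid nonce';
    }
    // 2. A nonce proves intent, not privilege: without this test any user who
    //    can obtain a nonce (it is often printed into pages) could save settings.
    if (!current_user_can('manage_options')) {
        return 'rejected: insufficient capability';
    }
    // 3. Store only the keys the plugin knows about.
    $settings = $post['settings'] ?? null;
    if (!is_array($settings)) {
        return 'rejected: malformed settings';
    }
    $allowed = ['enable' => true, 'frequency' => true];
    update_option('wpms_sitemap_settings', array_intersect_key($settings, $allowed));
    return 'saved';
}

// Constructed scenarios.
$forged  = ['settings' => ['enable' => 0, 'frequency' => 'never', 'extra' => 'x']];
$genuine = $forged + ['_wpnonce' => wp_create_nonce('wpms_save_sitemap')];

$sim['caps'] = ['read'];                     // a Subscriber
echo wpms_save_sitemap_settings_vulnerable($forged), "\n";   // direct call, low privilege
echo wpms_save_sitemap_settings_hardened($forged), "\n";     // same call, no nonce
echo wpms_save_sitemap_settings_hardened($genuine), "\n";    // low privilege with a nonce

$sim['caps'] = ['read', 'manage_options'];   // an Administrator
echo wpms_save_sitemap_settings_hardened($forged), "\n";     // cross-site request: no nonce
echo wpms_save_sitemap_settings_hardened($genuine), "\n";    // legitimate save
```

Only the last call succeeds in the hardened version; the vulnerable handler accepts the Subscriber's forged request outright. The order matters for the report's two CWE labels: the nonce check closes the CSRF finding, the capability check closes the "missing authorization" finding, and neither substitutes for the other.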
2023-02-27 CVE-2023-26041 Nextcloud Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Talk

Nextcloud Talk is a fully on-premises audio/video and chat communication service.

4.3
2023-02-27 CVE-2022-46705 Apple Unspecified vulnerability in Apple products

A spoofing issue existed in the handling of URLs.

4.3
2023-02-27 CVE-2023-1068 Read More Excerpt Link Project Unspecified vulnerability in Read More Excerpt Link Project Read More Excerpt Link

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0.

4.3
2023-03-01 CVE-2023-23003 Linux Unchecked Return Value vulnerability in Linux Kernel

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-03 CVE-2022-41862 Postgresql, Fedoraproject, Redhat

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption.

3.7
2023-03-02 CVE-2023-0196 Nvidia NULL Pointer Dereference vulnerability in Nvidia Cuda Toolkit

NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null-pointer dereference, which may result in a limited denial of service.

3.3
2023-02-28 CVE-2023-20932 Google Improper Input Validation vulnerability in Google Android

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation.

3.3
2023-02-27 CVE-2022-42838 Apple Operation on a Resource after Expiration or Release vulnerability in Apple Macos

An issue with app access to camera data was addressed with improved logic.

3.3
2023-02-27 CVE-2023-23493 Apple Improper Authentication vulnerability in Apple Macos

A logic issue was addressed with improved state management.

3.3
2023-02-27 CVE-2023-23498 Apple Unspecified vulnerability in Apple Ipados, Iphone OS and Macos

A logic issue was addressed with improved state management.

3.3
2023-02-27 CVE-2023-23505 Apple Information Exposure Through Log Files vulnerability in Apple products

A privacy issue was addressed with improved private data redaction for log entries.

3.3
2023-02-27 CVE-2023-22636 Fortinet Unspecified vulnerability in Fortinet Fortiweb

An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted HTTP request.

3.3
2023-02-27 CVE-2023-27265 Mattermost Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

2.7
2023-02-27 CVE-2023-27266 Mattermost Information Exposure vulnerability in Mattermost Server

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.

2.7
2023-03-01 CVE-2023-22771 Arubanetworks Insufficient Session Expiration vulnerability in Arubanetworks Arubaos and Sd-Wan

An insufficient session expiration vulnerability exists in the ArubaOS command line interface.

2.4