Weekly Vulnerabilities Reports > March 6 to 12, 2023

Overview

486 new vulnerabilities were reported during this period, including 83 critical and 140 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 777 products from 204 vendors, including Google, Qualcomm, Fortinet, Gitlab, and Rapidload. The most common weakness categories are "Cross-site Scripting", "SQL Injection", "Missing Authorization", "Improper Input Validation", and "Use After Free".

  • 363 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 164 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 252 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 77.
  • Funadmin has the most reported critical vulnerabilities, with 8.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

83 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-08 CVE-2023-27482 Home Assistant Improper Authentication vulnerability in Home-Assistant Supervisor

homeassistant is an open source home automation tool.

10.0
2023-03-08 CVE-2023-26489 Bytecodealliance Out-of-bounds Write vulnerability in Bytecodealliance Cranelift-Codegen and Wasmtime

wasmtime is a fast and secure runtime for WebAssembly.

9.9
2023-03-07 CVE-2023-27479 Xwiki Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

9.9
2023-03-12 CVE-2023-1357 Simple Bakery Shop Management System Project SQL Injection vulnerability in Simple Bakery Shop Management System Project Simple Bakery Shop Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0.

9.8
2023-03-12 CVE-2023-1358 Gadget Works Online Ordering System Project SQL Injection vulnerability in Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0.

9.8
2023-03-12 CVE-2022-48367 Ibexa Missing Authorization vulnerability in Ibexa products

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28.

9.8
2023-03-11 CVE-2023-1351 Computer Parts Sales AND Inventory System Project SQL Injection vulnerability in Computer Parts Sales and Inventory System Project Computer Parts Sales and Inventory System 1.0

A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0.

9.8
2023-03-11 CVE-2023-1350 Liferea Project OS Command Injection vulnerability in Liferea Project Liferea

A vulnerability was found in liferea.

9.8
2023-03-10 CVE-2022-33256 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption due to improper validation of array index in Multi-mode call processor.

9.8
2023-03-10 CVE-2022-40515 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

9.8
2023-03-10 CVE-2022-40537 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

9.8
2023-03-10 CVE-2023-1198 Saysis SQL Injection vulnerability in Saysis Starcities 1.1/1.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3.

9.8
2023-03-10 CVE-2023-25143 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.

9.8
2023-03-10 CVE-2023-27852 Netgear Classic Buffer Overflow vulnerability in Netgear Rax30 Firmware

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.

9.8
2023-03-10 CVE-2023-27853 Netgear Classic Buffer Overflow vulnerability in Netgear Rax30 Firmware

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.

9.8
2023-03-10 CVE-2023-26075 Samsung Classic Buffer Overflow vulnerability in Samsung products

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.

9.8
2023-03-10 CVE-2021-33360 Stoqey Unspecified vulnerability in Stoqey Gnuplot

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).

9.8
2023-03-10 CVE-2023-1321 Lmxcms SQL Injection vulnerability in Lmxcms 1.41

A vulnerability has been found in lmxcms 1.41 and classified as critical.

9.8
2023-03-10 CVE-2023-1322 Lmxcms SQL Injection vulnerability in Lmxcms 1.41

A vulnerability was found in lmxcms 1.41 and classified as critical.

9.8
2023-03-10 CVE-2023-24774 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.

9.8
2023-03-10 CVE-2023-1091 Alpatateknoloji SQL Injection vulnerability in Alpatateknoloji Licensed Warehousing Automation System 2023.1.01

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01.

9.8
2023-03-10 CVE-2023-1308 Online Graduate Tracer System Project SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0.

9.8
2023-03-10 CVE-2023-1309 Online Graduate Tracer System Project SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0.

9.8
2023-03-10 CVE-2023-1310 Online Graduate Tracer System Project SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0.

9.8
2023-03-10 CVE-2023-1311 Friendly Island Pizza Website AND Ordering System Project SQL Injection vulnerability in Friendly Island Pizza Website and Ordering System Project Friendly Island Pizza Website and Ordering System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0.

9.8
2023-03-10 CVE-2023-1307 Froxlor Authentication Bypass by Primary Weakness vulnerability in Froxlor

Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.

9.8
2023-03-09 CVE-2023-1300 Covid 19 Testing Management System Project SQL Injection vulnerability in Covid 19 Testing Management System Project Covid 19 Testing Management System 1.0

A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0.

9.8
2023-03-09 CVE-2023-1301 Friendly Island Pizza Website AND Ordering System Project SQL Injection vulnerability in Friendly Island Pizza Website and Ordering System Project Friendly Island Pizza Website and Ordering System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0.

9.8
2023-03-09 CVE-2023-1303 Ucms Project Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6

A vulnerability was found in UCMS 1.6 and classified as critical.

9.8
2023-03-09 CVE-2023-27202 Best POS Management System Project SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.

9.8
2023-03-09 CVE-2023-27203 Best POS Management System Project SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php.

9.8
2023-03-09 CVE-2023-27204 Best POS Management System Project SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.

9.8
2023-03-09 CVE-2023-27205 Best POS Management System Project SQL Injection vulnerability in Best POS Management System Project Best POS Management System 1.0

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.

9.8
2023-03-09 CVE-2023-27207 Online Pizza Ordering System Project SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

9.8
2023-03-09 CVE-2023-27210 Online Pizza Ordering System Project SQL Injection vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.

9.8
2023-03-09 CVE-2023-27213 Online Student Management System Project SQL Injection vulnerability in Online Student Management System Project Online Student Management System 1.0

Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.

9.8
2023-03-09 CVE-2023-27214 Online Student Management System Project SQL Injection vulnerability in Online Student Management System Project Online Student Management System 1.0

Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.

9.8
2023-03-09 CVE-2023-1287 3DS Code Injection vulnerability in 3DS Enovia Live Collaboration

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.

9.8
2023-03-09 CVE-2023-1290 Sales Tracker Management System Project SQL Injection vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0.

9.8
2023-03-09 CVE-2023-1291 Sales Tracker Management System Project SQL Injection vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0.

9.8
2023-03-09 CVE-2023-1292 Sales Tracker Management System Project SQL Injection vulnerability in Sales Tracker Management System Project Sales Tracker Management System 1.0

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical.

9.8
2023-03-09 CVE-2023-1294 File Tracker Manager System Project SQL Injection vulnerability in File Tracker Manager System Project File Tracker Management System 1.0

A vulnerability was found in SourceCodester File Tracker Manager System 1.0.

9.8
2023-03-09 CVE-2023-1251 Akinsoft SQL Injection vulnerability in Akinsoft Wolvox

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.

9.8
2023-03-09 CVE-2023-26109 Node Bluetooth Serial Port Project Classic Buffer Overflow vulnerability in Node-Bluetooth-Serial-Port Project Node-Bluetooth-Serial-Port

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

9.8
2023-03-09 CVE-2023-26110 Node Bluetooth Project Classic Buffer Overflow vulnerability in Node-Bluetooth Project Node-Bluetooth

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

9.8
2023-03-08 CVE-2021-33352 Wyomind Unrestricted Upload of File with Dangerous Type vulnerability in Wyomind Help Desk

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.

9.8
2023-03-08 CVE-2021-33353 Wyomind Path Traversal vulnerability in Wyomind Help Desk

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.

9.8
2023-03-08 CVE-2023-1283 Builder Code Injection vulnerability in Builder Qwik

Code Injection in GitHub repository builderio/qwik prior to 0.21.0.

9.8
2023-03-08 CVE-2023-24777 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.

9.8
2023-03-08 CVE-2023-22889 Smartbear Code Injection vulnerability in Smartbear Zephyr Enterprise

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation.

9.8
2023-03-08 CVE-2023-24782 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.

9.8
2023-03-08 CVE-2023-24773 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.

9.8
2023-03-08 CVE-2023-26922 Variscite SQL Injection vulnerability in Variscite Matrix-Gui 2.0

SQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint.

9.8
2023-03-08 CVE-2023-26261 Ubikasec Injection vulnerability in Ubikasec Waap Cloud and Waap Gateway

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user.

9.8
2023-03-08 CVE-2023-25395 Totolink OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.

9.8
2023-03-08 CVE-2023-1267 Pttemkart SQL Injection vulnerability in Pttemkart Pttem Kart

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1.

9.8
2023-03-08 CVE-2023-1269 Easyappointments Use of Hard-coded Credentials vulnerability in Easyappointments

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

9.8
2023-03-08 CVE-2023-23638 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution.

9.8
2023-03-08 CVE-2023-0090 Proofpoint Code Injection vulnerability in Proofpoint Enterprise Protection

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'.

9.8
2023-03-08 CVE-2023-24780 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

9.8
2023-03-07 CVE-2023-24775 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

9.8
2023-03-07 CVE-2023-25690 Apache HTTP Request Smuggling vulnerability in Apache Http Server

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.

9.8
2023-03-07 CVE-2023-1253 Health Center Patient Record Management System Project SQL Injection vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0.

9.8
2023-03-07 CVE-2023-24781 Funadmin SQL Injection vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.

9.8
2023-03-07 CVE-2022-3760 Miateknoloji SQL Injection vulnerability in Miateknoloji Mia-Med

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.

9.8
2023-03-06 CVE-2008-10004 Email Registration Project SQL Injection vulnerability in Email Registration Project Email Registration 5.X2.1

A vulnerability was found in Email Registration 5.x-2.1 on Drupal.

9.8
2023-03-06 CVE-2022-45141 Samba Inadequate Encryption Strength vulnerability in Samba

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and since per RFC 8429 rc4-hmac is assumed to be weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).

9.8
2023-03-06 CVE-2021-36392 Moodle SQL Injection vulnerability in Moodle

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

9.8
2023-03-06 CVE-2021-36393 Moodle SQL Injection vulnerability in Moodle

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

9.8
2023-03-06 CVE-2021-36394 Moodle Unspecified vulnerability in Moodle

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

9.8
2023-03-06 CVE-2023-24734 Sigb Use After Free vulnerability in Sigb PMB 7.4.6

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.

9.8
2023-03-06 CVE-2023-24736 Sigb Unspecified vulnerability in Sigb PMB 7.4.6

PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.

9.8
2023-03-06 CVE-2023-26949 Onekeyadmin Unrestricted Upload of File with Dangerous Type vulnerability in Onekeyadmin 1.3.9

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

9.8
2023-03-06 CVE-2023-24776 Funadmin Unspecified vulnerability in Funadmin 3.2.0

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.

9.8
2023-03-06 CVE-2023-0979 Meddatapacs SQL Injection vulnerability in Meddatapacs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03.

9.8
2023-03-06 CVE-2022-4328 Najeebmedia Unspecified vulnerability in Najeebmedia Woocommerce Checkout Field Manager

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.

9.8
2023-03-06 CVE-2023-0839 Inscada Project Unspecified vulnerability in Inscada Project Inscada

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co.

9.8
2023-03-06 CVE-2023-22336 DOS Osaka Path Traversal vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1

Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory.

9.8
2023-03-06 CVE-2023-22344 DOS Osaka Use of Hard-coded Credentials vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1

Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it.

9.8
2023-03-10 CVE-2023-27898 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.

9.6
2023-03-10 CVE-2023-27905 Jenkins Cross-site Scripting vulnerability in Jenkins Update-Center2 3.13/3.14

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.

9.6
2023-03-09 CVE-2023-26957 Onekeyadmin Missing Authorization vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.

9.1
2023-03-08 CVE-2021-33351 Wyomind Cross-site Scripting vulnerability in Wyomind Help Desk

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows attackers to escalate privileges via a crafted payload in the ticket message field.

9.0

140 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-10 CVE-2023-23328 Avantfax Unrestricted Upload of File with Dangerous Type vulnerability in Avantfax 3.3.7

A File Upload vulnerability exists in AvantFAX 3.3.7.

8.8
2023-03-10 CVE-2020-5002 IBM Improper Input Validation vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation.

8.8
2023-03-10 CVE-2022-33213 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in modem due to buffer overflow while processing a PPP packet.

8.8
2023-03-10 CVE-2023-1205 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Rax30 Firmware

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.

8.8
2023-03-10 CVE-2023-27851 Netgear Unspecified vulnerability in Netgear Rax30 Firmware

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.

8.8
2023-03-10 CVE-2023-1313 Agentejo Unrestricted Upload of File with Dangerous Type vulnerability in Agentejo Cockpit

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

8.8
2023-03-09 CVE-2023-27490 Nextauth JS Session Fixation vulnerability in Nextauth.Js Next-Auth

NextAuth.js is an open source authentication solution for Next.js applications.

8.8
2023-03-08 CVE-2022-46394 ARM Use After Free vulnerability in ARM products

An issue was discovered in the Arm Mali GPU Kernel Driver.

8.8
2023-03-08 CVE-2023-23760 Github Path Traversal vulnerability in Github Enterprise Server

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site.

8.8
2023-03-08 CVE-2023-27486 Xcat Project Incorrect Authorization vulnerability in Xcat Project Xcat

xCAT is a toolkit for deployment and administration of computer clusters.

8.8
2023-03-08 CVE-2023-27088 Feiqu Opensource Project Unspecified vulnerability in Feiqu-Opensource Project Feiqu-Opensource

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java.

8.8
2023-03-08 CVE-2023-0089 Proofpoint Code Injection vulnerability in Proofpoint Enterprise Protection

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.

8.8
2023-03-07 CVE-2023-1213 Google Use After Free vulnerability in Google Chrome

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1214 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1215 Google Type Confusion vulnerability in Google Chrome

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1216 Google Use After Free vulnerability in Google Chrome

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1218 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1219 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1220 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1222 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-03-07 CVE-2023-1227 Google Use After Free vulnerability in Google Chrome

Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction.

8.8
2023-03-07 CVE-2023-27475 Goutil Project Path Traversal vulnerability in Goutil Project Goutil

Goutil is a collection of miscellaneous functionality for the go language.

8.8
2023-03-07 CVE-2022-39951 Fortinet OS Command Injection vulnerability in Fortinet Fortiweb

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, and FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

8.8
2023-03-07 CVE-2015-10087 Upthemes Unrestricted Upload of File with Dangerous Type vulnerability in Upthemes Designfolio-Plus 1.2

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic.

8.8
2023-03-07 CVE-2021-4331 Posimyth Unspecified vulnerability in Posimyth the Plus Addons for Elementor

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free).

8.8
2023-03-07 CVE-2020-36669 Jetbackup Unspecified vulnerability in Jetbackup

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9.

8.8
2023-03-07 CVE-2021-4330 Envato Unspecified vulnerability in Envato Elements and Template KIT - Import

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions.

8.8
2023-03-07 CVE-2023-23554 Sraoss Uncontrolled Search Path Element vulnerability in Sraoss PG IVM

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1.

8.8
2023-03-06 CVE-2019-8720 Webkitgtk, Wpewebkit, Redhat Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

A vulnerability was found in WebKit.

8.8
2023-03-06 CVE-2023-24217 Agilebio Unspecified vulnerability in Agilebio Electronic LAB Notebook 4.234

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

8.8
2023-03-06 CVE-2023-0093 Okta Command Injection vulnerability in Okta Advanced Server Access

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser.

8.8
2023-03-06 CVE-2023-24763 Prestashop SQL Injection vulnerability in Prestashop XEN Forum

In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.

8.8
2023-03-06 CVE-2023-24789 Jeecg SQL Injection vulnerability in Jeecg 3.4.4

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.

8.8
2023-03-06 CVE-2022-46395 ARM Use After Free vulnerability in ARM products

An issue was discovered in the Arm Mali GPU Kernel Driver.

8.8
2023-03-06 CVE-2022-4265 Gopostmatic Unspecified vulnerability in Gopostmatic Replyable

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action.

8.8
2023-03-06 CVE-2023-1184 Shopex Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8.

8.8
2023-03-06 CVE-2023-1185 Shopex Unrestricted Upload of File with Dangerous Type vulnerability in Shopex Ecshop

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8.

8.8
2023-03-06 CVE-2022-4904 C Ares Project / Redhat / Fedoraproject Improper Validation of Specified Quantity in Input vulnerability in multiple products

A flaw was found in the c-ares package.

8.6
2023-03-07 CVE-2022-42476 Fortinet Path Traversal vulnerability in Fortinet Fortios and Fortiproxy

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

8.2
2023-03-11 CVE-2023-1352 Design AND Implementation OF Covid 19 Directory ON Vaccination System Project SQL Injection vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System Project Design and Implementation of Covid-19 Directory on Vaccination System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0.

8.1
2023-03-11 CVE-2023-24999 Hashicorp Incorrect Authorization vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor.

8.1
2023-03-09 CVE-2023-1293 Online Graduate Tracer System Project SQL Injection vulnerability in Online Graduate Tracer System Project Online Graduate Tracer System 1.0

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.

8.1
2023-03-08 CVE-2023-22891 Smartbear Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.

8.1
2023-03-10 CVE-2022-20929 Cisco Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise NFV Infrastructure Software

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files.

7.8
2023-03-10 CVE-2022-25655 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in WLAN HAL while an arbitrary value is passed in the WMI UTF command payload.

7.8
2023-03-10 CVE-2022-25694 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption in Modem due to usage of an out-of-range pointer offset in UIM.

7.8
2023-03-10 CVE-2022-25705 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in modem due to integer overflow leading to buffer overflow while handling an APDU response.

7.8
2023-03-10 CVE-2022-25709 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption in modem due to use of an out-of-range pointer offset while processing a QMI message.

7.8
2023-03-10 CVE-2022-33242 Qualcomm Improper Authentication vulnerability in Qualcomm products

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.

7.8
2023-03-10 CVE-2022-33245 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in WLAN due to use after free.

7.8
2023-03-10 CVE-2022-33260 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to stack based buffer overflow in core while sending command from USB of large size.

7.8
2023-03-10 CVE-2022-33278 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.

7.8
2023-03-10 CVE-2022-40530 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.

7.8
2023-03-10 CVE-2022-40531 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

7.8
2023-03-10 CVE-2022-40539 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in Automotive Android OS due to improper validation of array index.

7.8
2023-03-10 CVE-2022-40540 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

7.8
2023-03-10 CVE-2023-25144 Trendmicro Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.

7.8
2023-03-10 CVE-2023-25145 Trendmicro Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019

A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8
2023-03-10 CVE-2023-25146 Trendmicro Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8
2023-03-10 CVE-2023-25148 Trendmicro Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8
2023-03-10 CVE-2023-22436 Openatom Use After Free vulnerability in Openatom Openharmony

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a use-after-free (UAF) vulnerability that local attackers can exploit to escalate privileges to root.

7.8
2023-03-10 CVE-2023-27117 Webassembly Out-of-bounds Write vulnerability in Webassembly 1.0.29

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.

7.8
2023-03-09 CVE-2023-0621 Hornerautomation Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e.

7.8
2023-03-09 CVE-2023-0622 Hornerautomation Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e.

7.8
2023-03-09 CVE-2023-0623 Hornerautomation Unspecified vulnerability in Hornerautomation Cscape Envision RV 4.60

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e.

7.8
2023-03-09 CVE-2023-27985 GNU OS Command Injection vulnerability in GNU Emacs 28.1/28.2

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI.

7.8
2023-03-09 CVE-2023-27986 GNU Code Injection vulnerability in GNU Emacs 28.1/28.2

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.

7.8
2023-03-08 CVE-2023-0030 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail.

7.8
2023-03-08 CVE-2023-1277 Ubuntukylin OS Command Injection vulnerability in Ubuntukylin Kylin-System-Updater 1.4.20Kord

A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin.

7.8
2023-03-07 CVE-2023-1003 Typora Code Injection vulnerability in Typora

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows.

7.8
2023-03-07 CVE-2022-39953 Fortinet Improper Privilege Management vulnerability in Fortinet Fortinac

An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, and FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands.

7.8
2023-03-06 CVE-2022-3424 Linux / Redhat Use After Free vulnerability in multiple products

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function.

7.8
2023-03-06 CVE-2023-25304 Prismlauncher Path Traversal vulnerability in Prismlauncher Prism Launcher

An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file.

7.8
2023-03-06 CVE-2023-1190 Imageinfo Project Classic Buffer Overflow vulnerability in Imageinfo Project Imageinfo 3.0.3

A vulnerability was found in xiaozhuai imageinfo up to 3.0.3.

7.8
2023-03-06 CVE-2023-26107 Ebay Code Injection vulnerability in Ebay Sketchsvg

All versions of the package sketchsvg are vulnerable to arbitrary code injection because shell.exec is invoked without sanitization or parametrization while the current directory is concatenated into the command string.

7.8
2023-03-06 CVE-2023-22419 Jtekt Out-of-bounds Read vulnerability in Jtekt Kostac PLC Programming Software

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

7.8
2023-03-06 CVE-2023-22421 Jtekt Out-of-bounds Read vulnerability in Jtekt Kostac PLC Programming Software

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

7.8
2023-03-06 CVE-2023-22424 Jtekt Use After Free vulnerability in Jtekt Kostac PLC Programming Software

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier.

7.8
2023-03-07 CVE-2023-27480 Xwiki XXE vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

7.7
2023-03-06 CVE-2022-4862 M Files Cross-site Scripting vulnerability in M-Files Server

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3.

7.6
2023-03-10 CVE-2022-44574 Ivanti Improper Authentication vulnerability in Ivanti Avalanche

An improper authentication vulnerability exists in Avalanche version 6.3.x and below that allows an unauthenticated attacker to modify properties on a specific port.

7.5
2023-03-10 CVE-2023-23911 Rocket Chat Inadequate Encryption Strength vulnerability in Rocket.Chat

An improper access control vulnerability exists in Rocket.Chat prior to v6 that could allow an attacker to break the E2E encryption of a chat room by changing the room's group key as a user.

7.5
2023-03-10 CVE-2023-27530 Rack Project / Debian Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A DoS vulnerability exists in the multipart MIME parsing code of Rack before 3.0.4.2, 2.2.6.3, 2.1.4.3 and 2.0.9.3, which could allow an attacker to craft requests that make multipart parsing take longer than expected.

7.5
2023-03-10 CVE-2023-27532 Veeam Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained.

7.5
2023-03-10 CVE-2022-33244 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout.

7.5
2023-03-10 CVE-2022-33250 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.

7.5
2023-03-10 CVE-2022-33254 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

7.5
2023-03-10 CVE-2022-33272 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS in modem due to reachable assertion.

7.5
2023-03-10 CVE-2022-33309 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.

7.5
2023-03-10 CVE-2022-40527 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.

7.5
2023-03-10 CVE-2022-40535 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS due to buffer over-read in WLAN while sending a packet to device.

7.5
2023-03-10 CVE-2022-43902 IBM Unspecified vulnerability in IBM MQ Appliance

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages.

7.5
2023-03-10 CVE-2023-1246 Saysis Files or Directories Accessible to External Parties vulnerability in Saysis Starcities 1.1/1.3

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows an attacker to collect data from common resource locations. This issue affects Starcities through 1.3.

7.5
2023-03-10 CVE-2023-27900 Jenkins Allocation of Resources Without Limits or Throttling vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.

7.5
2023-03-10 CVE-2023-27901 Jenkins Allocation of Resources Without Limits or Throttling vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.

7.5
2023-03-10 CVE-2023-27161 Jellyfin Server-Side Request Forgery (SSRF) vulnerability in Jellyfin

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories.

7.5
2023-03-10 CVE-2023-26464 Apache Deserialization of Untrusted Data vulnerability in Apache Log4J

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2.

7.5
2023-03-10 CVE-2023-22301 Openatom Unspecified vulnerability in Openatom Openharmony

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory access vulnerability that network attackers can exploit remotely to obtain kernel memory data from the target system.

7.5
2023-03-10 CVE-2014-125093 Getadmiral Unspecified vulnerability in Getadmiral AD Blocking Detector

A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic.

7.5
2023-03-09 CVE-2021-34125 Dronecode / Yuneec

An issue discovered in Yuneec Mantis Q and PX4-Autopilot v1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands.

7.5
2023-03-09 CVE-2023-20049 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XR

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition.

7.5
2023-03-09 CVE-2023-27483 Crossplane Resource Exhaustion vulnerability in Crossplane Crossplane-Runtime 0.16.0

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks.

7.5
2023-03-09 CVE-2023-1288 3DS XXE vulnerability in 3DS Enovia Live Collaboration

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

7.5
2023-03-09 CVE-2023-25573 Metersphere Missing Authorization vulnerability in Metersphere

metersphere is an open source continuous testing platform.

7.5
2023-03-09 CVE-2023-26948 Onekeyadmin Files or Directories Accessible to External Parties vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

7.5
2023-03-09 CVE-2018-25081 Bitwarden Unspecified vulnerability in Bitwarden

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element.

7.5
2023-03-09 CVE-2023-27974 Bitwarden Unspecified vulnerability in Bitwarden

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited.

7.5
2023-03-08 CVE-2021-33639 Openatom Unspecified vulnerability in Openatom Openeuler Kernel

The REMAP command of the SVM driver can be used to remap read-only memory as read-write, allowing read-only memory or files to be modified.

7.5
2023-03-08 CVE-2023-22890 Smartbear Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

7.5
2023-03-08 CVE-2023-22892 Smartbear Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.

7.5
2023-03-08 CVE-2023-24533 Nistec Project Incorrect Calculation vulnerability in Nistec Project Nistec 0.0.1

Multiplication of certain unreduced P-256 scalars produce incorrect results.

7.5
2023-03-08 CVE-2023-26956 Onekeyadmin Files or Directories Accessible to External Parties vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

7.5
2023-03-08 CVE-2023-27476 Osgeo XXE vulnerability in Osgeo Owslib

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models.

7.5
2023-03-07 CVE-2022-41333 Fortinet Resource Exhaustion vulnerability in Fortinet Fortirecorder Firmware

An uncontrolled resource consumption vulnerability [CWE-400] in the login authentication mechanism of FortiRecorder version 6.4.3 and below and 6.0.11 and below may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.

7.5
2023-03-07 CVE-2023-27522 Apache / Debian / Unbit HTTP Request Smuggling vulnerability in multiple products

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.

7.5
2023-03-06 CVE-2022-45142 Heimdal Project Improper Validation of Integrity Check Value vulnerability in Heimdal Project Heimdal 7.7.1/7.8.0

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp.

7.5
2023-03-06 CVE-2023-27891 Rami Insufficient Session Expiration vulnerability in Rami Pretix

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session.

7.5
2023-03-06 CVE-2023-26601 Zohocorp Resource Exhaustion vulnerability in Zohocorp products

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).

7.5
2023-03-06 CVE-2021-36395 Moodle Uncontrolled Recursion vulnerability in Moodle

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

7.5
2023-03-06 CVE-2021-36396 Moodle Server-Side Request Forgery (SSRF) vulnerability in Moodle

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

7.5
2023-03-06 CVE-2017-20180 Zerocoin Insufficient Verification of Data Authenticity vulnerability in Zerocoin Libzerocoin

A vulnerability classified as critical has been found in Zerocoin libzerocoin.

7.5
2023-03-06 CVE-2022-3284 M Files Unspecified vulnerability in M-Files Server 22.2.11051.0/22.3.11237.3/22.6.11534.4

The download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web before 22.11.12011.0.

7.5
2023-03-06 CVE-2023-26106 DOT Lens Project Unspecified vulnerability in Dot-Lens Project Dot-Lens

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.

7.5
2023-03-06 CVE-2023-26111 Nubosoftware Node Static Project / Node Static Project Path Traversal vulnerability in multiple products

All versions of the packages @nubosoftware/node-static and node-static are vulnerable to directory traversal due to improper file path sanitization in the startsWith() method in the servePath function.

7.5
2023-03-06 CVE-2023-22335 DOS Osaka Unspecified vulnerability in Dos-Osaka Rakuraku PC Cloud Agent and SS1

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restrictions and download arbitrary files from the directory where the product runs.

7.5
2023-03-09 CVE-2022-4331 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

7.3
2023-03-07 CVE-2023-25611 Fortinet Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer

An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names.

7.3
2023-03-12 CVE-2022-48365 Ibexa Improper Privilege Management vulnerability in Ibexa Digital Experience Platform and EZ Platform Kernel

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26.

7.2
2023-03-10 CVE-2023-1328 115Cms Unrestricted Upload of File with Dangerous Type vulnerability in 115Cms 4.2

A vulnerability was found in Guizhou 115cms 4.2.

7.2
2023-03-08 CVE-2023-1276 Sul1Ss Shop Project SQL Injection vulnerability in Sul1Ss Shop Project Sul1Ss Shop

A vulnerability, which was classified as critical, has been found in SUL1SS_shop.

7.2
2023-03-07 CVE-2023-25223 Crmeb SQL Injection vulnerability in Crmeb

CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.

7.2
2023-03-07 CVE-2023-25605 Fortinet Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1

An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

7.2
2023-03-07 CVE-2023-1211 Phpipam SQL Injection vulnerability in PHPipam

SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.

7.2
2023-03-06 CVE-2023-1191 Xjd2020 Path Traversal vulnerability in Xjd2020 Fastcms

A vulnerability classified as problematic has been found in fastcms.

7.2
2023-03-06 CVE-2015-10091 Bywatersolutions SQL Injection vulnerability in Bywatersolutions Bywater-Koha-Xslt

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical.

7.2
2023-03-07 CVE-2022-41328 Fortinet Path Traversal vulnerability in Fortinet Fortios

An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.

7.1
2023-03-06 CVE-2023-1161 Wireshark / Debian

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or a crafted capture file.

7.1
2023-03-10 CVE-2022-33257 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.

7.0
2023-03-10 CVE-2023-27899 Jenkins Incorrect Authorization vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

7.0
2023-03-06 CVE-2023-23939 Microsoft Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Azure Setup Kubectl 1/2.0/2.1

Azure/setup-kubectl is a GitHub Action for installing Kubectl.

7.0

258 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-10 CVE-2023-27850 Netgear Unspecified vulnerability in Netgear Rax30 Firmware

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.

6.8
2023-03-07 CVE-2023-1257 Moxa Unspecified vulnerability in Moxa products

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS.

6.8
2023-03-10 CVE-2022-47461 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephone service, there is a missing permission check.

6.7
2023-03-10 CVE-2022-47462 Google Missing Authorization vulnerability in Google Android 10.0

In telephone service, there is a missing permission check.

6.7
2023-03-10 CVE-2023-25147 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.

6.7
2023-03-07 CVE-2023-20621 Google Improper Input Validation vulnerability in Google Android

In tinysys, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20624 Google Classic Buffer Overflow vulnerability in Google Android 12.0/13.0

In vow, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2023-03-07 CVE-2023-20626 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

In msdc, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2023-03-07 CVE-2023-20627 Google Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0

In pqframework, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20628 Google Unspecified vulnerability in Google Android 12.0/13.0

In thermal, there is a possible memory corruption due to an uncaught exception.

6.7
2023-03-07 CVE-2023-20630 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In usb, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20632 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In usb, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20633 Google Improper Validation of Array Index vulnerability in Google Android 11.0/12.0/13.0

In usb, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20634 Google Improper Input Validation vulnerability in Google Android 11.0/12.0

In widevine, there is a possible out of bounds write due to improper input validation.

6.7
2023-03-07 CVE-2023-20636 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In display drm, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20637 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20638 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20639 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20640 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20641 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20642 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20643 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-07 CVE-2023-20650 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-03-10 CVE-2023-1201 Devolutions Unspecified vulnerability in Devolutions Server

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.

6.5
2023-03-10 CVE-2023-1203 Devolutions Unspecified vulnerability in Devolutions Remote Desktop Manager

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.

6.5
2023-03-09 CVE-2022-3767 Gitlab Unspecified vulnerability in Gitlab Dynamic Application Security Testing Analyzer

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.

6.5
2023-03-09 CVE-2023-25814 Metersphere Path Traversal vulnerability in Metersphere

metersphere is an open source continuous testing platform.

6.5
2023-03-09 CVE-2023-0845 Hashicorp NULL Pointer Dereference vulnerability in Hashicorp Consul

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances.

6.5
2023-03-08 CVE-2022-4315 Gitlab Incorrect Authorization vulnerability in Gitlab Dynamic Application Security Testing Analyzer

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.

6.5
2023-03-07 CVE-2023-1217 Google Out-of-bounds Write vulnerability in Google Chrome

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5
2023-03-07 CVE-2023-1226 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5
2023-03-07 CVE-2023-27478 Awesome Information Exposure vulnerability in Awesome Libmemcached

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server.

6.5
2023-03-07 CVE-2022-27490 Fortinet Information Exposure vulnerability in Fortinet products

An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker who has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.

6.5
2023-03-07 CVE-2022-45861 Fortinet Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy

An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

6.5
2023-03-07 CVE-2021-4332 Posimyth Unspecified vulnerability in Posimyth the Plus Addons for Elementor

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free).

6.5
2023-03-07 CVE-2021-4333 Veronalabs Unspecified vulnerability in Veronalabs WP Statistics

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1.

6.5
2023-03-06 CVE-2022-3277 Redhat, Openstack Resource Exhaustion vulnerability in multiple products

An uncontrolled resource consumption flaw was found in openstack-neutron.

6.5
2023-03-06 CVE-2022-3854 Redhat Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0

A flaw was found in Ceph, relating to the URL processing on RGW backends.

6.5
2023-03-06 CVE-2023-26600 Zohocorp Unspecified vulnerability in Zohocorp products

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.

6.5
2023-03-06 CVE-2023-26054 Mobyproject Information Exposure vulnerability in Mobyproject Buildkit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.

6.5
2023-03-07 CVE-2023-20623 Google, Yoctoproject Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

In ion, there is a possible escalation of privilege due to improper locking.

6.4
2023-03-07 CVE-2023-20625 Google Improper Synchronization vulnerability in Google Android 12.0/13.0

In adsp, there is a possible double free due to a race condition.

6.4
2023-03-07 CVE-2023-1235 Google Type Confusion vulnerability in Google Chrome

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction.

6.3
2023-03-07 CVE-2020-36670 Basixonline Unspecified vulnerability in Basixonline Nex-Forms

The NEX-Forms.

6.3
2023-03-12 CVE-2021-46875 Ibexa Cross-site Scripting vulnerability in Ibexa EZ Platform Kernel

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1.

6.1
2023-03-11 CVE-2013-10021 Wordpress Cross-site Scripting vulnerability in Wordpress Debug BAR

A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress.

6.1
2023-03-11 CVE-2023-1353 Design and Implementation of Covid-19 Directory on Vaccination System Project Cross-site Scripting vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System Project Design and Implementation of Covid-19 Directory on Vaccination System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0.

6.1
2023-03-11 CVE-2023-1354 Design and Implementation of Covid-19 Directory on Vaccination System Project Cross-site Scripting vulnerability in Design and Implementation of Covid-19 Directory on Vaccination System Project Design and Implementation of Covid-19 Directory on Vaccination System 1.0

A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic.

6.1
2023-03-11 CVE-2023-1349 Hsycms Cross-site Scripting vulnerability in Hsycms 3.1

A vulnerability, which was classified as problematic, has been found in Hsycms 3.1.

6.1
2023-03-10 CVE-2021-27788 Hcltech Cross-site Scripting vulnerability in Hcltech Verse

HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.

6.1
2023-03-10 CVE-2023-24975 IBM Improper Input Validation vulnerability in IBM Spectrum Symphony 7.3.0

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of the HOST header.

6.1
2023-03-10 CVE-2023-0746 Gigamon Cross-site Scripting vulnerability in Gigamon Gigavue-Os 5.0.202

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0.202, does not require an authenticated user.

6.1
2023-03-10 CVE-2023-1320 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

6.1
2023-03-10 CVE-2022-48111 Siri Informatica Cross-site Scripting vulnerability in Siri-Informatica Wi400

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 versions 8 through 11 inclusive allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.

6.1
2023-03-10 CVE-2017-20182 Mobilevikings Cross-site Scripting vulnerability in Mobilevikings Django Ajax Utilities

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic.

6.1
2023-03-10 CVE-2013-10020 A Forms Project Cross-site Scripting vulnerability in A-Forms Project A-Forms

A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress.

6.1
2023-03-09 CVE-2023-1302 File Tracker Manager System Project Cross-site Scripting vulnerability in File Tracker Manager System Project File Tracker Management System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0.

6.1
2023-03-09 CVE-2022-3381 Gitlab Open Redirect vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2.

6.1
2023-03-09 CVE-2023-27206 Best POS Management System Project Cross-site Scripting vulnerability in Best POS Management System Project Best POS Management System 1.0

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

6.1
2023-03-09 CVE-2023-27208 Online Pizza Ordering System Project Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

6.1
2023-03-09 CVE-2023-27211 Online Pizza Ordering System Project Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

6.1
2023-03-09 CVE-2023-27212 Online Pizza Ordering System Project Cross-site Scripting vulnerability in Online Pizza Ordering System Project Online Pizza Ordering System 1.0

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

6.1
2023-03-09 CVE-2022-4317 Gitlab Open Redirect vulnerability in Gitlab Dynamic Application Security Testing Analyzer

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.

6.1
2023-03-08 CVE-2022-4007 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

6.1
2023-03-08 CVE-2023-1278 Ibos Cross-site Scripting vulnerability in Ibos

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5.

6.1
2023-03-08 CVE-2023-1275 Phone Shop Sales Managements System Project Cross-site Scripting vulnerability in Phone Shop Sales Managements System Project Phone Shop Sales Managements System 1.0

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0.

6.1
2023-03-08 CVE-2023-24657 Phpipam Cross-site Scripting vulnerability in PHPipam 1.6

phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.

6.1
2023-03-07 CVE-2021-44196 Ubit Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ubit Student Information Management System

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126.

6.1
2023-03-07 CVE-2021-44197 Ubit Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ubit Student Information Management System

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126.

6.1
2023-03-06 CVE-2021-36713 Sprymedia Cross-site Scripting vulnerability in Sprymedia Datatables 1.9.2

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie.

6.1
2023-03-06 CVE-2015-10095 WOO Popup Project Cross-site Scripting vulnerability in Woo-Popup Project Woo-Popup

A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress.

6.1
2023-03-06 CVE-2023-24733 Sigb Cross-site Scripting vulnerability in Sigb PMB 7.4.6

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.

6.1
2023-03-06 CVE-2023-24735 Sigb Open Redirect vulnerability in Sigb PMB 7.4.6

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php.

6.1
2023-03-06 CVE-2023-24737 Sigb Cross-site Scripting vulnerability in Sigb PMB 7.4.6

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.

6.1
2023-03-06 CVE-2021-35377 Vicidial Cross-site Scripting vulnerability in Vicidial

Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.

6.1
2023-03-06 CVE-2023-27472 Quickentity Editor Project Cross-site Scripting vulnerability in Quickentity Editor Project Quickentity Editor

quickentity-editor-next is an open source, system local, video game asset editor.

6.1
2023-03-06 CVE-2015-10094 Fastly Cross-site Scripting vulnerability in Fastly

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress.

6.1
2023-03-06 CVE-2022-2178 Saysis Cross-site Scripting vulnerability in Saysis Starcities

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: before 1.1.

6.1
2023-03-06 CVE-2015-10092 Qtranslate Slug Project Cross-site Scripting vulnerability in Qtranslate Slug Project Qtranslate Slug

A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress.

6.1
2023-03-06 CVE-2022-4929 Learnetic Cross-site Scripting vulnerability in Learnetic Icplayer

A vulnerability was found in icplayer up to 0.818.

6.1
2023-03-06 CVE-2022-4928 Learnetic Cross-site Scripting vulnerability in Learnetic Icplayer

A vulnerability was found in icplayer up to 0.819.

6.1
2023-03-06 CVE-2015-10090 Inboundnow Cross-site Scripting vulnerability in Inboundnow Landing-Pages

A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress.

6.1
2023-03-06 CVE-2023-22432 Web2Py Open Redirect vulnerability in Web2Py

Open redirect vulnerability exists in web2py versions prior to 2.23.1.

6.1
2023-03-06 CVE-2023-0330 Qemu, Debian Out-of-bounds Write vulnerability in multiple products

A vulnerability in the lsi53c895a device affects the latest version of qemu.

6.0
2023-03-12 CVE-2016-15028 Icepay Improper Validation of Integrity Check Value vulnerability in Icepay Rest API 0.9

A vulnerability was found in ICEPAY REST-API-NET 0.9.

5.9
2023-03-06 CVE-2021-20251 Samba, Fedoraproject Race Condition vulnerability in multiple products

A flaw was found in samba.

5.9
2023-03-11 CVE-2023-1355 VIM NULL Pointer Dereference vulnerability in VIM

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

5.5
2023-03-10 CVE-2022-22075 Qualcomm Unspecified vulnerability in Qualcomm products

Information Disclosure in Graphics during GPU context switch.

5.5
2023-03-10 CVE-2022-37939 HPE Unspecified vulnerability in HPE products

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers.

5.5
2023-03-10 CVE-2022-47453 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 10.0/11.0/12.0

In wcn service, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47454 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47455 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47456 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47457 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47458 Google Out-of-bounds Read vulnerability in Google Android 10.0/11.0/12.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47459 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In wlan driver, there is a possible missing params check.

5.5
2023-03-10 CVE-2022-47460 Google Use After Free vulnerability in Google Android 10.0/11.0

In gpu device, there is a memory corruption due to a use after free.

5.5
2023-03-10 CVE-2022-47471 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47472 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47473 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47474 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47475 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47476 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47477 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47478 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47479 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47480 Google Missing Authorization vulnerability in Google Android 10.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47481 Google Missing Authorization vulnerability in Google Android 10.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47482 Google Missing Authorization vulnerability in Google Android 10.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47483 Google Missing Authorization vulnerability in Google Android 10.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2022-47484 Google Missing Authorization vulnerability in Google Android 10.0/11.0/12.0

In telephony service, there is a missing permission check.

5.5
2023-03-10 CVE-2023-0083 Openatom Type Confusion vulnerability in Openatom Openharmony

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability that local attackers can exploit to send malicious data, causing the current application to crash.

5.5
2023-03-10 CVE-2023-24465 Openatom NULL Pointer Dereference vulnerability in Openatom Openharmony

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer dereference vulnerability that local attackers can exploit to cause the current application to crash.

5.5
2023-03-10 CVE-2023-25947 Openatom NULL Pointer Dereference vulnerability in Openatom Openharmony

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer dereference vulnerability that local attackers can exploit to cause a DoS attack on the system when installing a malicious HAP package.

5.5
2023-03-10 CVE-2023-27114 Radare NULL Pointer Dereference vulnerability in Radare Radare2 5.8.3

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

5.5
2023-03-10 CVE-2023-27115 Webassembly Unspecified vulnerability in Webassembly 1.0.29

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

5.5
2023-03-10 CVE-2023-27116 Webassembly Unspecified vulnerability in Webassembly 1.0.29

WebAssembly (wabt) v1.0.29 was discovered to contain an abort in CWriter::MangleType.

5.5
2023-03-10 CVE-2023-27119 Webassembly Unspecified vulnerability in Webassembly Wabt 1.0.29

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

5.5
2023-03-07 CVE-2023-1264 VIM, Fedoraproject NULL Pointer Dereference vulnerability in multiple products

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

5.5
2023-03-07 CVE-2022-22297 Fortinet Unspecified vulnerability in Fortinet Fortirecorder Firmware and Fortiweb

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

5.5
2023-03-07 CVE-2017-20181 Vocable Trainer Project Path Traversal vulnerability in Vocable Trainer Project Vocable Trainer

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android.

5.5
2023-03-06 CVE-2022-3707 Linux, Redhat Double Free vulnerability in multiple products

A double-free memory flaw was found in the Linux kernel.

5.5
2023-03-06 CVE-2023-22481 Freshrss Information Exposure Through Log Files vulnerability in Freshrss

FreshRSS is a self-hosted RSS feed aggregator.

5.5
2023-03-06 CVE-2023-1186 Fabulatech NULL Pointer Dereference vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.

5.5
2023-03-06 CVE-2023-1187 Fabulatech Improper Resource Shutdown or Release vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.

5.5
2023-03-06 CVE-2023-1188 Fabulatech Improper Resource Shutdown or Release vulnerability in Fabulatech Webcam for Remote Desktop 2.8.42

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42.

5.5
2023-03-06 CVE-2023-1189 Wisecleaner Improper Resource Shutdown or Release vulnerability in Wisecleaner Wise Folder Hider 4.4.3.202

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202.

5.5
2023-03-10 CVE-2023-23326 Avantfax Cross-site Scripting vulnerability in Avantfax 3.3.7

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.

5.4
2023-03-10 CVE-2023-1315 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

5.4
2023-03-10 CVE-2023-1316 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

5.4
2023-03-10 CVE-2023-1317 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

5.4
2023-03-10 CVE-2023-1318 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.

5.4
2023-03-09 CVE-2022-3758 Gitlab Incorrect Default Permissions vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

5.4
2023-03-09 CVE-2023-0050 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

5.4
2023-03-08 CVE-2023-24282 Poly Cross-site Scripting vulnerability in Poly Trio 8800 Firmware 7.2.2.1094

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.

5.4
2023-03-08 CVE-2023-1270 Btcpayserver Cross-site Scripting vulnerability in Btcpayserver

Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.

5.4
2023-03-08 CVE-2023-26952 Onekeyadmin Cross-site Scripting vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.

5.4
2023-03-08 CVE-2023-26950 Onekeyadmin Cross-site Scripting vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.

5.4
2023-03-07 CVE-2022-40676 Fortinet Cross-site Scripting vulnerability in Fortinet Fortinac

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

5.4
2023-03-07 CVE-2023-1254 Health Center Patient Record Management System Project Cross-site Scripting vulnerability in Health Center Patient Record Management System Project Health Center Patient Record Management System 1.0

A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic.

5.4
2023-03-07 CVE-2020-36667 Jetbackup Unspecified vulnerability in Jetbackup

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions.

5.4
2023-03-07 CVE-2023-26954 Onekeyadmin Project Cross-site Scripting vulnerability in Onekeyadmin Project Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.

5.4
2023-03-07 CVE-2023-26955 Onekeyadmin Project Cross-site Scripting vulnerability in Onekeyadmin Project Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.

5.4
2023-03-07 CVE-2023-1237 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1238 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1240 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1241 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1242 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1244 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-07 CVE-2023-1245 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

5.4
2023-03-06 CVE-2021-36398 Moodle Cross-site Scripting vulnerability in Moodle 3.11.0

In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

5.4
2023-03-06 CVE-2021-36399 Moodle Cross-site Scripting vulnerability in Moodle 3.11.0

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

5.4
2023-03-06 CVE-2022-42248 Qlik Cross-site Scripting vulnerability in Qlik Qlikview

QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

5.4
2023-03-06 CVE-2023-27474 Rangerstudio Cross-site Scripting vulnerability in Rangerstudio Directus

Directus is a real-time API and App dashboard for managing SQL database content.

5.4
2023-03-06 CVE-2022-4930 Syspass Cross-site Scripting vulnerability in Syspass

A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4.

5.4
2023-03-06 CVE-2023-1200 Ehuacui BBS Project Cross-site Scripting vulnerability in Ehuacui-Bbs Project Ehuacui-Bbs

A vulnerability was found in ehuacui bbs.

5.4
2023-03-06 CVE-2023-0063 Synved Unspecified vulnerability in Synved Wordpress Shortcodes

The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0064 Eaglevisionit Unspecified vulnerability in Eaglevisionit Evision Responsive Column Layout Shortcodes

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0065 I2 Pros Cons Project Cross-site Scripting vulnerability in I2 Pros & Cons Project I2 Pros & Cons 1.3.1

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0068 Product Gtin EAN UPC Isbn FOR Woocommerce Project Unspecified vulnerability in Product Gtin (Ean, Upc, Isbn) for Woocommerce Project Product Gtin (Ean, Upc, Isbn) for Woocommerce

The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0069 Wpaudio MP3 Player Project Unspecified vulnerability in Wpaudio MP3 Player Project Wpaudio MP3 Player

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0076 Dfactory Unspecified vulnerability in Dfactory Download Attachments

The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0078 Resumebuilder Unspecified vulnerability in Resumebuilder Resume Builder 3.1.1

The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users.

5.4
2023-03-06 CVE-2023-0165 Nicdark Unspecified vulnerability in Nicdark Cost Calculator

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0212 Advanced Recent Posts Project Unspecified vulnerability in Advanced Recent Posts Project Advanced Recent Posts 0.6.14

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2023-0377 Robincornett Cross-site Scripting vulnerability in Robincornett Scriptless Social Sharing

The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-03-06 CVE-2015-10093 Mark User AS Spammer Project Cross-site Scripting vulnerability in Mark User AS Spammer Project Mark User AS Spammer 1.0.0/1.0.1

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress.

5.4
2023-03-06 CVE-2023-22856 Blogengine Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.

5.4
2023-03-06 CVE-2023-22857 Blogengine Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.

5.4
2023-03-06 CVE-2022-44875 Kioware Cross-site Scripting vulnerability in Kioware

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

5.4
2023-03-06 CVE-2023-22438 EC Cube Cross-site Scripting vulnerability in Ec-Cube

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

5.4
2023-03-06 CVE-2023-22838 EC Cube Cross-site Scripting vulnerability in Ec-Cube

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

5.4
2023-03-06 CVE-2023-25077 EC Cube Cross-site Scripting vulnerability in Ec-Cube

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

5.4
2023-03-12 CVE-2021-46876 Ibexa Unspecified vulnerability in Ibexa EZ Platform Kernel

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1.

5.3
2023-03-10 CVE-2023-27904 Jenkins Unspecified vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.

5.3
2023-03-09 CVE-2023-1072 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

5.3
2023-03-09 CVE-2023-0223 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

5.3
2023-03-09 CVE-2022-29056 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortimail

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

5.3
2023-03-09 CVE-2023-26208 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

5.3
2023-03-09 CVE-2023-26209 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

5.3
2023-03-08 CVE-2023-24532 Golang Incorrect Calculation vulnerability in Golang GO

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve).

5.3
2023-03-07 CVE-2023-1263 Niteothemes Information Exposure vulnerability in Niteothemes Coming Soon & Maintenance

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function.

5.3
2023-03-07 CVE-2022-41329 Fortinet Information Exposure vulnerability in Fortinet Fortios and Fortiproxy

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests.

5.3
2023-03-06 CVE-2021-36402 Moodle Unspecified vulnerability in Moodle

In Moodle, users' names required additional sanitizing in the account confirmation email to prevent a self-registration phishing risk.

5.3
2023-03-06 CVE-2021-36403 Moodle Unspecified vulnerability in Moodle

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

5.3
2023-03-06 CVE-2021-36397 Moodle Unspecified vulnerability in Moodle

In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

5.3
2023-03-06 CVE-2021-36400 Moodle Authorization Bypass Through User-Controlled Key vulnerability in Moodle

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

5.3
2023-03-06 CVE-2023-25169 Discourse Unspecified vulnerability in Discourse Yearly Review 0.1

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic.

5.3
2023-03-06 CVE-2023-22858 Blogengine Unspecified vulnerability in Blogengine Blogengine.Net 3.3.8.0

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.

5.3
2023-03-06 CVE-2023-26108 Nestjs Unspecified vulnerability in Nestjs Nest

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe.

5.3
2023-03-12 CVE-2023-1360 Employee Payslip Generator System Project SQL Injection vulnerability in Employee Payslip Generator System Project Employee Payslip Generator System 1.2.0

A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical.

4.9
2023-03-10 CVE-2023-23327 Avantfax Information Exposure vulnerability in Avantfax 3.3.7

An Information Disclosure vulnerability exists in AvantFAX 3.3.7.

4.9
2023-03-10 CVE-2023-27577 Flarum Path Traversal vulnerability in Flarum

flarum is a forum software package for building communities.

4.9
2023-03-09 CVE-2023-27484 Crossplane Resource Exhaustion vulnerability in Crossplane

crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks.

4.9
2023-03-07 CVE-2023-25230 Loonflow Project Server-Side Request Forgery (SSRF) vulnerability in Loonflow Project Loonflow R2.0.14

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter.

4.9
2023-03-12 CVE-2023-1359 Gadget Works Online Ordering System Project Cross-site Scripting vulnerability in Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0

A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic.

4.8
2023-03-10 CVE-2023-1319 Enhancesoft Cross-site Scripting vulnerability in Enhancesoft Osticket

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

4.8
2023-03-10 CVE-2023-27164 Halo Unrestricted Upload of File with Dangerous Type vulnerability in Halo

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

4.8
2023-03-10 CVE-2023-1312 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.

4.8
2023-03-09 CVE-2023-1286 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

4.8
2023-03-07 CVE-2023-26953 Onekeyadmin Cross-site Scripting vulnerability in Onekeyadmin 1.3.9

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.

4.8
2023-03-07 CVE-2023-1239 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.

4.8
2023-03-07 CVE-2023-1243 Answer Cross-site Scripting vulnerability in Answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

4.8
2023-03-07 CVE-2023-1212 Phpipam Cross-site Scripting vulnerability in PHPipam

Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.

4.8
2023-03-06 CVE-2021-36401 Moodle Cross-site Scripting vulnerability in Moodle

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

4.8
2023-03-06 CVE-2023-1197 Uvdesk Cross-site Scripting vulnerability in Uvdesk Community-Skeleton

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.

4.8
2023-03-09 CVE-2023-20064 Cisco Missing Authorization vulnerability in Cisco IOS XR

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line.

4.6
2023-03-08 CVE-2022-46752 Dell Unspecified vulnerability in Dell products

Dell BIOS contains an Improper Authorization vulnerability.

4.6
2023-03-10 CVE-2023-0193 Nvidia Out-of-bounds Read vulnerability in Nvidia Cuda Toolkit

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.

4.4
2023-03-10 CVE-2023-27903 Jenkins Incorrect Authorization vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

4.4
2023-03-07 CVE-2023-20635 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android

In keyinstall, there is a possible information disclosure due to an integer overflow.

4.4
2023-03-07 CVE-2023-20644 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20645 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20646 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20647 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20648 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20649 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-07 CVE-2023-20651 Google Improper Input Validation vulnerability in Google Android 12.0/13.0

In apu, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-03-10 CVE-2023-27902 Jenkins Unspecified vulnerability in Jenkins

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

4.3
2023-03-10 CVE-2023-1333 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1334 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1335 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1336 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1337 Rapidload Missing Authorization vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1338 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1339 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1340 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1341 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1342 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1343 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1344 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1345 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-10 CVE-2023-1346 Rapidload Unspecified vulnerability in Rapidload Power-Up for Autoptimize

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1.

4.3
2023-03-09 CVE-2022-4289 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2.

4.3
2023-03-09 CVE-2022-4462 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

4.3
2023-03-08 CVE-2023-27477 Bytecodealliance Off-by-one Error vulnerability in Bytecodealliance Cranelift-Codegen and Wasmtime

wasmtime is a fast and secure runtime for WebAssembly.

4.3
2023-03-07 CVE-2023-1221 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

4.3
2023-03-07 CVE-2023-1223 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1224 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1225 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1228 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1229 Google Incorrect Default Permissions vulnerability in Google Chrome

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1230 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1231 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1232 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1233 Google Unspecified vulnerability in Google Chrome

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension.

4.3
2023-03-07 CVE-2023-1234 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3
2023-03-07 CVE-2023-1236 Google Unspecified vulnerability in Google Chrome

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page.

4.3
2023-03-07 CVE-2023-27481 Monospace Information Exposure vulnerability in Monospace Directus

Directus is a real-time API and App dashboard for managing SQL database content.

4.3
2023-03-07 CVE-2023-27485 THM Incorrect Authorization vulnerability in THM Feedbacksystem

thmmniii/fbs-core is an open source feedback system for students.

4.3
2023-03-07 CVE-2022-46257 Github Exposure of Resource to Wrong Sphere vulnerability in Github Enterprise Server

An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI.

4.3
2023-03-07 CVE-2022-4931 Xibodevelopment Unspecified vulnerability in Xibodevelopment Backupwordpress 3.12

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12.

4.3
2023-03-07 CVE-2022-4932 Boldgrid Unspecified vulnerability in Boldgrid Total Upkeep

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13.

4.3
2023-03-07 CVE-2020-36668 Jetbackup Unspecified vulnerability in Jetbackup

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action.

4.3
2023-03-07 CVE-2023-22847 Sraoss Unspecified vulnerability in Sraoss PG IVM

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1.

4.3
2023-03-06 CVE-2022-48364 Joinmastodon Unspecified vulnerability in Joinmastodon Mastodon 3.5.0/3.5.1/3.5.2

The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.

4.3
2023-03-06 CVE-2023-0328 Wpcode Unspecified vulnerability in Wpcode

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce.

4.3
2023-03-07 CVE-2023-20620 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0/13.0

In adsp, there is a possible escalation of privilege due to a logic error.

4.1

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-03-09 CVE-2023-0483 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

3.8
2023-03-12 CVE-2022-48366 Ibexa Race Condition vulnerability in Ibexa products

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19.

3.7
2023-03-07 CVE-2023-23776 Fortinet Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortianalyzer

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer.

3.1
2023-03-06 CVE-2022-4134 Openstack, Redhat Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

A flaw was found in openstack-glance.

2.8
2023-03-09 CVE-2023-1084 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.

2.7