Weekly Vulnerabilities Reports > March 27 to April 2, 2023
Overview
350 new vulnerabilities were reported during this period, including 60 critical vulnerabilities and 122 high severity vulnerabilities. This weekly summary reports vulnerabilities in 378 products from 166 vendors including Fedoraproject, Linux, Hasthemes, Dlink, and Deltaww. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Read", "Out-of-bounds Write", and "OS Command Injection".
- 264 reported vulnerabilities are remotely exploitable.
- 142 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 200 reported vulnerabilities are exploitable by an anonymous user.
- Fedoraproject has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Debian has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
60 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-04-02 | CVE-2023-27284 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. | 9.8 |
2023-04-02 | CVE-2023-27286 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Aspera Cargo and Aspera Connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. | 9.8 |
2023-04-02 | CVE-2023-1800 | GO Fastdfs Project | Unrestricted Upload of File with Dangerous Type vulnerability in Go-Fastdfs Project Go-Fastdfs A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. | 9.8 |
2023-04-02 | CVE-2023-1797 | Otcms | Unrestricted Upload of File with Dangerous Type vulnerability in Otcms 6.01 A vulnerability classified as critical was found in OTCMS 6.0.1. | 9.8 |
2023-04-02 | CVE-2023-1793 | Police Crime Record Management System Project | SQL Injection vulnerability in Police Crime Record Management System Project Police Crime Record Management System 1.0 A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. | 9.8 |
2023-04-02 | CVE-2023-1791 | Simple Task Allocation System Project | SQL Injection vulnerability in Simple Task Allocation System Project Simple Task Allocation System 1.0 A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. | 9.8 |
2023-04-02 | CVE-2023-1792 | Simple Mobile Comparison Website Project | SQL Injection vulnerability in Simple Mobile Comparison Website Project Simple Mobile Comparison Website 1.0 A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. | 9.8 |
2023-03-31 | CVE-2023-1784 | Jeecg | Improper Authentication vulnerability in Jeecg Boot 3.5.0 A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. | 9.8 |
2023-03-31 | CVE-2023-1785 | Earnings AND Expense Tracker APP Project | SQL Injection vulnerability in Earnings and Expense Tracker APP Project Earnings and Expense Tracker APP 1.0 A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. | 9.8 |
2023-03-31 | CVE-2023-29141 | Mediawiki Fedoraproject | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. | 9.8 |
2023-03-31 | CVE-2023-28879 | Artifex Debian | Out-of-bounds Write vulnerability in multiple products In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. | 9.8 |
2023-03-31 | CVE-2023-28862 | Lemonldap NG | Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng An issue was discovered in LemonLDAP::NG before 2.16.1. | 9.8 |
2023-03-31 | CVE-2023-1770 | Grade Point Average GPA Calculator Project | SQL Injection vulnerability in Grade Point Average (Gpa) Calculator Project Grade Point Average (Gpa) Calculator 1.0 A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. | 9.8 |
2023-03-31 | CVE-2023-1773 | Rockoa | Code Injection vulnerability in Rockoa 2.3.2 A vulnerability was found in Rockoa 2.3.2. | 9.8 |
2023-03-31 | CVE-2023-1753 | Phpmyfaq | Weak Password Requirements vulnerability in PHPmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 9.8 |
2023-03-30 | CVE-2023-1741 | Jeecg | SQL Injection vulnerability in Jeecg Boot 3.5.0 A vulnerability was found in jeecg-boot 3.5.0. | 9.8 |
2023-03-30 | CVE-2023-1738 | Young Entrepreneur E Negosyo System Project | SQL Injection vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0 and classified as critical. | 9.8 |
2023-03-30 | CVE-2023-1739 | Simple AND Beautiful Shopping Cart System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Simple and Beautiful Shopping Cart System Project Simple and Beautiful Shopping Cart System 1.0 A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. | 9.8 |
2023-03-30 | CVE-2023-1740 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 A vulnerability was found in SourceCodester Air Cargo Management System 1.0. | 9.8 |
2023-03-30 | CVE-2023-1735 | Young Entrepreneur E Negosyo System Project | SQL Injection vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. | 9.8 |
2023-03-30 | CVE-2023-1737 | Young Entrepreneur E Negosyo System Project | SQL Injection vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. | 9.8 |
2023-03-30 | CVE-2023-1734 | Young Entrepreneur E Negosyo System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. | 9.8 |
2023-03-30 | CVE-2023-1725 | Infoline TR | Server-Side Request Forgery (SSRF) vulnerability in Infoline-Tr Project Management System Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125. | 9.8 |
2023-03-30 | CVE-2023-25076 | Sniproxy Project | Classic Buffer Overflow vulnerability in Sniproxy Project Sniproxy 0.6.02/0.6.1 A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). | 9.8 |
2023-03-30 | CVE-2023-28731 | Acymailing | Unrestricted Upload of File with Dangerous Type vulnerability in Acymailing AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. | 9.8 |
2023-03-30 | CVE-2023-1699 | Rapid7 | Forced Browsing vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
2023-03-29 | CVE-2022-43634 | Netatalk | Heap-based Buffer Overflow vulnerability in Netatalk 3.1.13 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. | 9.8 |
2023-03-29 | CVE-2022-2825 | PTC Softwaretoolbox Rockwellautomation GE | Stack-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.8 |
2023-03-29 | CVE-2022-36983 | Ivanti | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. | 9.8 |
2023-03-29 | CVE-2023-1684 | Hadsky | Unrestricted Upload of File with Dangerous Type vulnerability in Hadsky 7.7.16 A vulnerability was found in HadSky 7.7.16. | 9.8 |
2023-03-28 | CVE-2023-1674 | School Registration AND FEE System Project | SQL Injection vulnerability in School Registration and FEE System Project School Registration and FEE System 1.0 A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. | 9.8 |
2023-03-28 | CVE-2023-1675 | School Registration AND FEE System Project | SQL Injection vulnerability in School Registration and FEE System Project School Registration and FEE System 1.0 A vulnerability was found in SourceCodester School Registration and Fee System 1.0. | 9.8 |
2023-03-28 | CVE-2023-27394 | Propumpservice | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. | 9.8 |
2023-03-28 | CVE-2023-27886 | Propumpservice | OS Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. | 9.8 |
2023-03-28 | CVE-2023-28398 | Propumpservice | Improper Authentication vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. | 9.8 |
2023-03-28 | CVE-2023-28654 | Propumpservice | Use of Hard-coded Credentials vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. | 9.8 |
2023-03-28 | CVE-2023-28712 | Propumpservice | Command Injection vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. | 9.8 |
2023-03-28 | CVE-2023-28631 | Comrak Project | Improper Handling of Exceptional Conditions vulnerability in Comrak Project Comrak comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. | 9.8 |
2023-03-28 | CVE-2022-46387 | Cmder Maximus5 | ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands. | 9.8 |
2023-03-28 | CVE-2022-0194 | Netatalk Debian | Out-of-bounds Write vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2022-23121 | Netatalk Debian | Improper Handling of Exceptional Conditions vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2022-23122 | Netatalk Debian | Out-of-bounds Write vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2022-23123 | Netatalk Debian | Out-of-bounds Read vulnerability in multiple products This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2022-23124 | Netatalk Debian | Out-of-bounds Read vulnerability in multiple products This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2022-23125 | Netatalk Debian | Out-of-bounds Write vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. | 9.8 |
2023-03-28 | CVE-2023-28326 | Apache | Missing Authentication for Critical Function vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | 9.8 |
2023-03-27 | CVE-2023-1666 | Automatic Question Paper Generator System Project | SQL Injection vulnerability in Automatic Question Paper Generator System Project Automatic Question Paper Generator System 1.0 A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. | 9.8 |
2023-03-27 | CVE-2023-1399 | Keysight | Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | 9.8 |
2023-03-27 | CVE-2023-1133 | Deltaww | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. | 9.8 |
2023-03-27 | CVE-2023-1140 | Deltaww | Missing Authentication for Critical Function vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | 9.8 |
2023-03-27 | CVE-2023-1142 | Deltaww | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | 9.8 |
2023-03-27 | CVE-2023-26959 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Park Ticketing Management System 1.0 Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | 9.8 |
2023-03-27 | CVE-2022-4126 | ABB | Improper Authentication vulnerability in ABB Rccmd Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords. This issue affects RCCMD: before 4.40 230207. | 9.8 |
2023-03-27 | CVE-2023-24838 | Hgiga | Information Exposure vulnerability in Hgiga Powerstation Firmware HGiga PowerStation has a vulnerability of Information Leakage. | 9.8 |
2023-03-27 | CVE-2023-25909 | | HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. | 9.8 |
2023-03-27 | CVE-2023-28883 | Cerebrate Project | SQL Injection vulnerability in Cerebrate-Project Cerebrate 1.13 In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. | 9.8 |
2023-03-29 | CVE-2022-2560 | Enterprisedt | Path Traversal vulnerability in Enterprisedt Completeftp Server This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. | 9.1 |
2023-03-29 | CVE-2022-2848 | PTC Softwaretoolbox Rockwellautomation GE | Heap-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.1 |
2023-03-28 | CVE-2022-3686 | Hitachienergy | Unspecified vulnerability in Hitachienergy Sdm600 A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. | 9.1 |
2023-03-31 | CVE-2023-0432 | Deltaww | Cross-site Scripting vulnerability in Deltaww Dx-2100L1-Cn Firmware The web configuration service of the affected device contains an authenticated command injection vulnerability. | 9.0 |
122 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-04-02 | CVE-2022-42447 | Hcltech | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). | 8.8 |
2023-04-02 | CVE-2023-20558 | AMD | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. | 8.8 |
2023-04-02 | CVE-2023-20559 | AMD | Unspecified vulnerability in AMD products Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | 8.8 |
2023-03-31 | CVE-2023-1747 | Ibos | SQL Injection vulnerability in Ibos A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. | 8.8 |
2023-03-30 | CVE-2023-1744 | Ibos | Unrestricted Upload of File with Dangerous Type vulnerability in Ibos A vulnerability classified as critical was found in IBOS 4.5.5. | 8.8 |
2023-03-30 | CVE-2023-1742 | Ibos | SQL Injection vulnerability in Ibos A vulnerability was found in IBOS 4.5.5. | 8.8 |
2023-03-30 | CVE-2023-1736 | Young Entrepreneur E Negosyo System Project | SQL Injection vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. | 8.8 |
2023-03-30 | CVE-2023-27533 | Haxx Fedoraproject Netapp Splunk | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
2023-03-30 | CVE-2023-27534 | Haxx Fedoraproject Netapp Broadcom Splunk | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
2023-03-30 | CVE-2023-28935 | Apache | Command Injection vulnerability in Apache Unstructured Information Management Architecture ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 8.8 |
2023-03-29 | CVE-2022-43620 | Dlink | Improper Authentication vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. | 8.8 |
2023-03-29 | CVE-2022-43621 | Dlink | Incorrect Comparison vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. | 8.8 |
2023-03-29 | CVE-2022-43622 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 8.8 |
2023-03-29 | CVE-2022-43630 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 8.8 |
2023-03-29 | CVE-2022-27645 | Netgear | Missing Authentication for Critical Function vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. | 8.8 |
2023-03-29 | CVE-2022-38077 | Essentialplugin | Cross-Site Request Forgery (CSRF) vulnerability in Essentialplugin Popup Anything Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. | 8.8 |
2023-03-29 | CVE-2023-23861 | Gmace Project | Cross-Site Request Forgery (CSRF) vulnerability in Gmace Project Gmace 1.5.2 Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions. | 8.8 |
2023-03-29 | CVE-2023-1509 | Gmace Project | Unspecified vulnerability in Gmace Project Gmace 1.5.2 The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. | 8.8 |
2023-03-28 | CVE-2022-3682 | Hitachienergy | Unrestricted Upload of File with Dangerous Type vulnerability in Hitachienergy Sdm600 A vulnerability exists in the SDM600 file permission validation. | 8.8 |
2023-03-27 | CVE-2020-36666 | E Plugins | Unspecified vulnerability in E-Plugins products The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implement any security measures in some AJAX calls. | 8.8 |
2023-03-27 | CVE-2023-0955 | Veronalabs | Unspecified vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. | 8.8 |
2023-03-27 | CVE-2023-1134 | Deltaww | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | 8.8 |
2023-03-27 | CVE-2023-1137 | Deltaww | Insufficiently Protected Credentials vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | 8.8 |
2023-03-27 | CVE-2023-1139 | Deltaww | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 8.8 |
2023-03-27 | CVE-2023-1141 | Deltaww | Command Injection vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | 8.8 |
2023-03-27 | CVE-2023-1143 | Deltaww | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | 8.8 |
2023-03-27 | CVE-2023-1144 | Deltaww | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | 8.8 |
2023-03-27 | CVE-2023-27296 | Apache | Deserialization of Untrusted Data vulnerability in Apache Inlong Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. | 8.8 |
2023-03-27 | CVE-2022-30705 | Wordpress Ping Optimizer Project | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Ping Optimizer Project Wordpress Ping Optimizer Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions. | 8.8 |
2023-03-27 | CVE-2023-24837 | | HGiga PowerStation remote management function has insufficient filtering for user input. | 8.8 |
2023-03-27 | CVE-2023-1647 | CAL | Improper Access Control vulnerability in CAL Cal.Com Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. | 8.8 |
2023-03-28 | CVE-2023-28427 | Matrix | Unspecified vulnerability in Matrix Javascript SDK matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. | 8.2 |
2023-03-29 | CVE-2022-48434 | Ffmpeg | Use After Free vulnerability in Ffmpeg libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | 8.1 |
2023-03-28 | CVE-2023-25195 | Apache | Server-Side Request Forgery (SSRF) vulnerability in Apache Fineract Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3. | 8.1 |
2023-03-27 | CVE-2023-0441 | Simplygallery | Unspecified vulnerability in Simplygallery Simply Gallery Blocks With Lightbox The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. | 8.1 |
2023-03-27 | CVE-2023-25017 | | RIFARTEK IOT Wall has a vulnerability of incorrect authorization. | 8.1 |
2023-03-28 | CVE-2023-28718 | Propumpservice | Cross-Site Request Forgery (CSRF) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. | 8.0 |
2023-04-01 | CVE-2023-0189 | Nvidia | Unspecified vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 |
2023-04-01 | CVE-2023-0198 | Nvidia | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. | 7.8 |
2023-03-31 | CVE-2023-28464 | Linux Netapp | Double Free vulnerability in multiple products hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. | 7.8 |
2023-03-30 | CVE-2023-1745 | Pandora | Uncontrolled Search Path Element vulnerability in Pandora Kmplayer 4.2.2.73 A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. | 7.8 |
2023-03-30 | CVE-2023-1670 | Linux | Use After Free vulnerability in Linux Kernel A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 7.8 |
2023-03-30 | CVE-2022-4744 | Linux | Double Free vulnerability in Linux Kernel A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). | 7.8 |
2023-03-30 | CVE-2023-1393 | X ORG Fedoraproject | Use After Free vulnerability in multiple products A flaw was found in X.Org Server Overlay Window. | 7.8 |
2023-03-29 | CVE-2022-44370 | Nasm | Out-of-bounds Write vulnerability in Nasm Netwide Assembler NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 | 7.8 |
2023-03-29 | CVE-2023-0664 | Qemu Redhat Fedoraproject | Improper Privilege Management vulnerability in multiple products A flaw was found in the QEMU Guest Agent service for Windows. | 7.8 |
2023-03-29 | CVE-2023-28642 | Linuxfoundation | Link Following vulnerability in Linuxfoundation Runc runc is a CLI tool for spawning and running containers according to the OCI specification. | 7.8 |
2023-03-29 | CVE-2022-37381 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. | 7.8 |
2023-03-29 | CVE-2023-28892 | Malwarebytes | Link Following vulnerability in Malwarebytes Adwcleaner Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. | 7.8 |
2023-03-28 | CVE-2023-1678 | Drivergenius | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Drivergenius 9.70.0.346 A vulnerability classified as critical has been found in DriverGenius 9.70.0.346. | 7.8 |
2023-03-28 | CVE-2023-1679 | Drivergenius | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Drivergenius 9.70.0.346 A vulnerability classified as critical was found in DriverGenius 9.70.0.346. | 7.8 |
2023-03-28 | CVE-2023-1516 | Robodk | Incorrect Permission Assignment for Critical Resource vulnerability in Robodk 5.5.3 RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. | 7.8 |
2023-03-28 | CVE-2023-1676 | Drivergenius | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Drivergenius 9.70.0.346 A vulnerability was found in DriverGenius 9.70.0.346. | 7.8 |
2023-03-27 | CVE-2023-0179 | Linux Canonical Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. | 7.8 |
2023-03-27 | CVE-2023-0494 | X ORG Fedoraproject Redhat | Use After Free vulnerability in multiple products A vulnerability was found in X.Org. | 7.8 |
2023-03-27 | CVE-2023-1078 | Linux | Type Confusion vulnerability in Linux Kernel A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. | 7.8 |
2023-03-27 | CVE-2023-25863 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25864 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25865 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25866 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25867 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25868 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25869 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25870 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25871 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25872 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25873 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25874 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25908 | | Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-1654 | Gpac | Resource Exhaustion vulnerability in Gpac Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. | 7.8 |
2023-03-27 | CVE-2023-1135 | Deltaww | Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | 7.8 |
2023-03-27 | CVE-2023-1145 | Deltaww | Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | 7.8 |
2023-04-02 | CVE-2023-1580 | Devolutions | Resource Exhaustion vulnerability in Devolutions Gateway 2023.1.1 Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and rendering the system unusable. | 7.5 |
2023-04-01 | CVE-2023-1790 | Simple Task Allocation System Project | Unspecified vulnerability in Simple Task Allocation System Project Simple Task Allocation System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. | 7.5 |
2023-03-31 | CVE-2023-26485 | Github | Resource Exhaustion vulnerability in Github Cmark-Gfm cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. | 7.5 |
2023-03-31 | CVE-2022-4899 | | Resource Exhaustion vulnerability in Facebook Zstandard 1.4.10 A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun. | 7.5 |
2023-03-31 | CVE-2023-28877 | Vtex | Unspecified vulnerability in Vtex Apps-Graphql 2.X The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. | 7.5 |
2023-03-31 | CVE-2023-0343 | Akuvox | Use of Insufficiently Random Values vulnerability in Akuvox E11 Firmware Akuvox E11 contains a function that encrypts messages which are then forwarded. | 7.5 |
2023-03-31 | CVE-2023-0344 | Akuvox | Unspecified vulnerability in Akuvox E11 Firmware Akuvox E11 appears to be using a custom version of dropbear SSH server. | 7.5 |
2023-03-31 | CVE-2023-1769 | Grade Point Average GPA Calculator Project | Unspecified vulnerability in Grade Point Average (Gpa) Calculator Project Grade Point Average (Gpa) Calculator 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. | 7.5 |
2023-03-30 | CVE-2023-28846 | Unpoly | Resource Exhaustion vulnerability in Unpoly Unpoly-Rails Unpoly is a JavaScript framework for server-side web applications. | 7.5 |
2023-03-30 | CVE-2023-28644 | Nextcloud | Unspecified vulnerability in Nextcloud Server 25.0.0/25.0.2 Nextcloud server is an open source home cloud implementation. | 7.5 |
2023-03-30 | CVE-2023-24472 | Openimageio | Uncontrolled Recursion vulnerability in Openimageio 2.4.7.1 A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. | 7.5 |
2023-03-30 | CVE-2023-28732 | Acymailing | Path Traversal vulnerability in Acymailing Missing access control in AnyMailing Joomla Plugin allows listing and accessing files containing sensitive information from the plugin itself, and accessing system files via path traversal, when access is granted to the campaign's creation on front-office. | 7.5 |
2023-03-30 | CVE-2023-1014 | Dizayn | Unspecified vulnerability in Dizayn Vira-Investing Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting. This issue affects Vira-Investing: before 1.0.84.86. | 7.5 |
2023-03-29 | CVE-2023-0836 | Haproxy | Incomplete Cleanup vulnerability in Haproxy An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. | 7.5 |
2023-03-29 | CVE-2023-1656 | Forgerock | Cleartext Transmission of Sensitive Information vulnerability in Forgerock Ldap Connector Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. | 7.5 |
2023-03-29 | CVE-2023-1680 | Xunruicms | Unspecified vulnerability in Xunruicms 4.6.1 A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. | 7.5 |
2023-03-29 | CVE-2023-1683 | Xunruicms | Cleartext Storage of Sensitive Information vulnerability in Xunruicms 4.6.1 A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-03-29 | CVE-2023-1682 | Xunruicms | Forced Browsing vulnerability in Xunruicms 4.6.1 A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-03-28 | CVE-2023-1681 | Xunruicms | Unspecified vulnerability in Xunruicms 4.6.1 A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. | 7.5 |
2023-03-28 | CVE-2023-1518 | Cpplusworld | Insufficiently Protected Credentials vulnerability in Cpplusworld Kvms PRO 2.01.0.T.190521 CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | 7.5 |
2023-03-28 | CVE-2023-28375 | Propumpservice | Files or Directories Accessible to External Parties vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. | 7.5 |
2023-03-28 | CVE-2023-28626 | Comrak Project | Resource Exhaustion vulnerability in Comrak Project Comrak comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. | 7.5 |
2023-03-28 | CVE-2023-28395 | Propumpservice | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. | 7.5 |
2023-03-28 | CVE-2022-3683 | Hitachienergy | Unspecified vulnerability in Hitachienergy Sdm600 A vulnerability exists in the SDM600 API web services authorization validation implementation. | 7.5 |
2023-03-28 | CVE-2022-3684 | Hitachienergy | Improper Resource Shutdown or Release vulnerability in Hitachienergy Sdm600 A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests; the SDM600 web services become busy, rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. | 7.5 |
2023-03-28 | CVE-2023-23330 | Amano | Files or Directories Accessible to External Parties vulnerability in Amano Xoffice 7.1.3879 amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. | 7.5 |
2023-03-27 | CVE-2022-3116 | Heimdal Project | NULL Pointer Dereference vulnerability in Heimdal Project Heimdal The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. | 7.5 |
2023-03-27 | CVE-2023-0210 | Linux | Out-of-bounds Write vulnerability in Linux Kernel A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | 7.5 |
2023-03-27 | CVE-2023-20860 | Vmware | Unspecified vulnerability in VMWare Spring Framework Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | 7.5 |
2023-03-27 | CVE-2023-22247 | | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. | 7.5 |
2023-03-27 | CVE-2023-1136 | Deltaww | Incorrect Authorization vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | 7.5 |
2023-03-27 | CVE-2023-1138 | Deltaww | Unspecified vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | 7.5 |
2023-03-27 | CVE-2022-47925 | Csaf Validator LIB Project | Improper Input Validation vulnerability in Csaf-Validator-Lib Project Csaf-Validator-Lib The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. | 7.5 |
2023-03-29 | CVE-2022-45355 | Thimpress | SQL Injection vulnerability in Thimpress WP Pipes Auth. | 7.2 |
2023-03-29 | CVE-2023-1685 | Hadsky | Command Injection vulnerability in Hadsky A vulnerability was found in HadSky up to 7.11.8. | 7.2 |
2023-03-29 | CVE-2023-23355 | Qnap | Command Injection vulnerability in Qnap products An OS command injection vulnerability has been reported to affect QNAP operating systems. | 7.2 |
2023-03-28 | CVE-2022-3685 | Hitachienergy | Unspecified vulnerability in Hitachienergy Sdm600 A vulnerability exists in the SDM600 software. | 7.2 |
2023-03-27 | CVE-2023-25828 | Pluck CMS | Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. | 7.2 |
2023-03-27 | CVE-2023-24835 | | Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. | 7.2 |
2023-03-27 | CVE-2023-24840 | | HGiga MailSherlock mail query function has a vulnerability of insufficient validation for user input. | 7.2 |
2023-03-27 | CVE-2023-24841 | | HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. | 7.2 |
2023-04-01 | CVE-2023-0180 | Nvidia | Unspecified vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. | 7.1 |
2023-04-01 | CVE-2023-0181 | Nvidia | Incorrect Default Permissions vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | 7.1 |
2023-04-01 | CVE-2023-0183 | Nvidia | Out-of-bounds Write vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. | 7.1 |
2023-04-01 | CVE-2023-0185 | Nvidia | Incorrect Conversion between Numeric Types vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues casting an unsigned primitive to signed may lead to denial of service or information disclosure. | 7.1 |
2023-04-01 | CVE-2023-0191 | Nvidia | Out-of-bounds Write vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | 7.1 |
2023-04-01 | CVE-2023-0208 | Nvidia | Out-of-bounds Write vulnerability in Nvidia Data Center GPU Manager NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. | 7.1 |
2023-03-29 | CVE-2023-1652 | Linux Redhat | Use After Free vulnerability in multiple products A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. | 7.1 |
2023-03-27 | CVE-2023-1380 | Redhat Linux Netapp Debian Canonical | Out-of-bounds Read vulnerability in multiple products A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. | 7.1 |
2023-03-27 | CVE-2023-1077 | Linux Debian Netapp | Type Confusion vulnerability in multiple products In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption. | 7.0 |
162 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-29 | CVE-2022-43619 | Dlink | Use of Externally-Controlled Format String vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43623 | Dlink | Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43624 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43625 | Dlink | Stack-based Buffer Overflow vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43626 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43627 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43628 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43629 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43631 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43632 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-29 | CVE-2022-43633 | Dlink | OS Command Injection vulnerability in Dlink Dir-1935 Firmware 1.03 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. | 6.8 |
2023-03-27 | CVE-2023-1079 | Linux | Use After Free vulnerability in Linux Kernel A flaw was found in the Linux kernel. | 6.8 |
2023-03-30 | CVE-2023-0620 | Hashicorp | SQL Injection vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. | 6.7 |
2023-03-28 | CVE-2022-47529 | RSA | Unspecified vulnerability in RSA Netwitness 11.2.1.1 Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | 6.7 |
2023-03-27 | CVE-2023-1073 | Linux Redhat Fedoraproject | Out-of-bounds Write vulnerability in multiple products A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. | 6.6 |
2023-04-02 | CVE-2023-1202 | Devolutions | Incorrect Authorization vulnerability in Devolutions Remote Desktop Manager Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 6.5 |
2023-04-02 | CVE-2023-1574 | Devolutions | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. | 6.5 |
2023-04-02 | CVE-2023-1603 | Devolutions | Incorrect Authorization vulnerability in Devolutions Server Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. | 6.5 |
2023-03-31 | CVE-2023-27163 | Rbaskets | Server-Side Request Forgery (SSRF) vulnerability in Rbaskets Request Baskets request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. | 6.5 |
2023-03-31 | CVE-2023-1775 | Mattermost | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. | 6.5 |
2023-03-30 | CVE-2023-0665 | Hashicorp | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. | 6.5 |
2023-03-27 | CVE-2023-27927 | Sauter Controls | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. | 6.5 |
2023-03-27 | CVE-2023-28652 | Sauter Controls | Unrestricted Upload of File with Dangerous Type vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could successfully upload a malicious image, which could lead to a denial-of-service condition. | 6.5 |
2023-03-27 | CVE-2023-0335 | Wpvar | Missing Authorization vulnerability in Wpvar WP Shamsi The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which allow a user with a role as low as subscriber to delete an attachment. | 6.5 |
2023-03-27 | CVE-2023-0336 | Ooohboi Steroids FOR Elementor Project | Missing Authorization vulnerability in Ooohboi Steroids for Elementor Project Ooohboi Steroids for Elementor The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which allow a user with a role as low as subscriber to delete an attachment. | 6.5 |
2023-03-27 | CVE-2023-0500 | Hasthemes | Unspecified vulnerability in Hasthemes WP Film Studio The WP Film Studio WordPress plugin before 1.3.5 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 6.5 |
2023-03-27 | CVE-2023-0501 | Hasthemes | Unspecified vulnerability in Hasthemes WP Insurance The WP Insurance WordPress plugin before 2.1.4 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 6.5 |
2023-03-27 | CVE-2023-0502 | Hasthemes | Unspecified vulnerability in Hasthemes WP News The WP News WordPress plugin through 1.1.9 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 6.5 |
2023-03-27 | CVE-2023-0816 | Strategy11 | Authentication Bypass by Spoofing vulnerability in Strategy11 Formidable Form Builder The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | 6.5 |
2023-03-27 | CVE-2023-1092 | Miniorange | Unspecified vulnerability in Miniorange Oauth Single Sign on The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged-in admins delete arbitrary IdP via a CSRF attack. | 6.5 |
2023-03-27 | CVE-2023-1093 | Miniorange | Unspecified vulnerability in Miniorange Oauth Single Sign on The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged-in admins delete all IdP via a CSRF attack. | 6.5 |
2023-03-27 | CVE-2022-47924 | Csaf Validator LIB Project | Unspecified vulnerability in Csaf-Validator-Lib Project Csaf-Validator-Lib A highly privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0, which can result in arbitrary code execution and DoS once the user triggers the validation. | 6.5 |
2023-03-27 | CVE-2023-24834 | | WisdomGarden Tronclass has improper access control when uploading a file. | 6.5 |
2023-03-29 | CVE-2023-25809 | Linuxfoundation | Improper Preservation of Permissions vulnerability in Linuxfoundation Runc runc is a CLI tool for spawning and running containers according to the OCI specification. | 6.3 |
2023-03-28 | CVE-2023-25197 | Apache | SQL Injection vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. | 6.3 |
2023-04-02 | CVE-2023-1795 | Gadget Works Online Ordering System Project | Cross-site Scripting vulnerability in Gadget Works Online Ordering System Project Gadget Works Online Ordering System 1.0 A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. | 6.1 |
2023-04-02 | CVE-2023-1794 | Police Crime Record Management System Project | Cross-site Scripting vulnerability in Police Crime Record Management System Project Police Crime Record Management System 1.0 A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. | 6.1 |
2023-03-31 | CVE-2023-1771 | Grade Point Average GPA Calculator Project | Cross-site Scripting vulnerability in Grade Point Average (Gpa) Calculator Project Grade Point Average (Gpa) Calculator 1.0 A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. | 6.1 |
2023-03-31 | CVE-2023-1060 | Ykmbilisim | Cross-site Scripting vulnerability in Ykmbilisim YKM CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS. This issue affects YKM CRM: before 23.03.30. | 6.1 |
2023-03-30 | CVE-2023-1743 | Grade Point Average GPA Calculator Project | Cross-site Scripting vulnerability in Grade Point Average (Gpa) Calculator Project Grade Point Average (Gpa) Calculator 1.0 A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. | 6.1 |
2023-03-30 | CVE-2023-28733 | Acymailing | Cross-site Scripting vulnerability in Acymailing AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. | 6.1 |
2023-03-30 | CVE-2023-23677 | Gtmetrix | Cross-site Scripting vulnerability in Gtmetrix Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions. | 6.1 |
2023-03-30 | CVE-2023-1013 | Dizayn | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Dizayn Vira-Investing Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS). This issue affects Vira-Investing: before 1.0.84.86. | 6.1 |
2023-03-29 | CVE-2023-22705 | Collne | Cross-site Scripting vulnerability in Collne Welcart E-Commerce Unauth. | 6.1 |
2023-03-29 | CVE-2022-47603 | Wpdevart | Cross-site Scripting vulnerability in Wpdevart Image and Video Gallery With Thumbnails Unauth. | 6.1 |
2023-03-29 | CVE-2023-26290 | Forcepoint | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
2023-03-29 | CVE-2023-26291 | Forcepoint | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
2023-03-29 | CVE-2023-26292 | Forcepoint | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS. This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
2023-03-29 | CVE-2022-47433 | Multi Rating Project | Cross-site Scripting vulnerability in Multi Rating Project Multi Rating Unauth. | 6.1 |
2023-03-29 | CVE-2022-47444 | Properfraction | Cross-site Scripting vulnerability in Properfraction Profilepress Unauth. | 6.1 |
2023-03-29 | CVE-2023-1690 | Earnings AND Expense Tracker APP Project | Cross-site Scripting vulnerability in Earnings and Expense Tracker APP Project Earnings and Expense Tracker APP 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. | 6.1 |
2023-03-29 | CVE-2023-1689 | Earnings AND Expense Tracker APP Project | Cross-site Scripting vulnerability in Earnings and Expense Tracker APP Project Earnings and Expense Tracker APP 1.0 A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. | 6.1 |
2023-03-29 | CVE-2023-1688 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Earnings and Expense Tracker Application 1.0 A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. | 6.1 |
2023-03-29 | CVE-2023-1687 | Task Allocation System Project | Cross-site Scripting vulnerability in Task Allocation System Project Task Allocation System 1.0 A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. | 6.1 |
2023-03-29 | CVE-2023-1686 | Young Entrepreneur E Negosyo System Project | Cross-site Scripting vulnerability in Young Entrepreneur E-Negosyo System Project Young Entrepreneur E-Negosyo System 1.0 A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. | 6.1 |
2023-03-28 | CVE-2023-28447 | Smarty Fedoraproject | Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. | 6.1 |
2023-03-28 | CVE-2023-28648 | Propumpservice | Cross-site Scripting vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01 Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. | 6.1 |
2023-03-28 | CVE-2022-45825 | Liquidweb | Cross-site Scripting vulnerability in Liquidweb Wpcomplete Unauth. | 6.1 |
2023-03-28 | CVE-2022-45831 | Oxilab | Cross-site Scripting vulnerability in Oxilab Image Hover Effects for Elementor With Lightbox and Flipbox Unauth. | 6.1 |
2023-03-27 | CVE-2023-22300 | Sauter Controls | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. | 6.1 |
2023-03-27 | CVE-2023-28650 | Sauter Controls | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. | 6.1 |
2023-03-27 | CVE-2022-47146 | Contempothemes | Cross-site Scripting vulnerability in Contempothemes Real Estate 7 Unauth. | 6.1 |
2023-03-27 | CVE-2022-46843 | Levantoan | Cross-site Scripting vulnerability in Levantoan Woocommerce Vietnam Checkout Unauth. | 6.1 |
2023-03-27 | CVE-2023-24839 | | HGiga MailSherlock’s specific function has insufficient filtering for user input. | 6.1 |
2023-03-27 | CVE-2023-28884 | Misp Project | Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform 2.4.169 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. | 6.1 |
2023-03-30 | CVE-2023-27535 | Haxx Fedoraproject Debian Netapp Splunk | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 5.9 |
2023-03-30 | CVE-2023-27536 | Haxx Fedoraproject Debian Netapp Splunk | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. | 5.9 |
2023-03-30 | CVE-2023-27537 | Haxx Netapp Broadcom Splunk | Double Free vulnerability in multiple products A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". | 5.9 |
2023-03-27 | CVE-2023-28638 | Snappier Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Snappier Project Snappier 1.1.0 Snappier is a high performance C# implementation of the Snappy compression algorithm. | 5.9 |
2023-04-01 | CVE-2023-0187 | Nvidia | Out-of-bounds Read vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. | 5.5 |
2023-04-01 | CVE-2023-0188 | Nvidia | Out-of-bounds Read vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer, causing an out-of-bounds read, which may lead to denial of service. | 5.5 |
2023-03-30 | CVE-2023-27538 | Haxx Fedoraproject Debian Netapp Broadcom Splunk | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. | 5.5 |
2023-03-29 | CVE-2023-1550 | F5 | Information Exposure Through Log Files vulnerability in F5 Nginx Agent and Nginx Instance Manager Insertion of Sensitive Information into log file vulnerability in NGINX Agent. | 5.5 |
2023-03-28 | CVE-2023-1677 | Drivergenius | Unspecified vulnerability in Drivergenius 9.70.0.346 A vulnerability was found in DriverGenius 9.70.0.346. | 5.5 |
2023-03-27 | CVE-2023-1637 | Linux | Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel 5.18 A flaw was found in the Linux kernel's x86 CPU power management options functionality, in the way a user resumes the CPU from suspend-to-RAM: the boot CPU could be vulnerable to speculative execution attacks. | 5.5 |
2023-03-27 | CVE-2023-26924 | Llvm | Classic Buffer Overflow vulnerability in Llvm 20230122 LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. | 5.5 |
2023-03-27 | CVE-2023-1074 | Linux | Memory Leak vulnerability in Linux Kernel A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. | 5.5 |
2023-03-27 | CVE-2023-1076 | Linux | Type Confusion vulnerability in Linux Kernel A flaw was found in the Linux Kernel. | 5.5 |
2023-03-27 | CVE-2023-25875 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-03-27 | CVE-2023-25876 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-03-27 | CVE-2023-25877 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-03-27 | CVE-2023-25878 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2023-04-02 | CVE-2022-42452 | Hcltechsw | Cross-site Scripting vulnerability in Hcltechsw HCL Launch HCL Launch is vulnerable to HTML injection. | 5.4 |
2023-04-02 | CVE-2023-26283 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server 9.0 IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. | 5.4 |
2023-04-02 | CVE-2023-1798 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. | 5.4 |
2023-04-02 | CVE-2023-1799 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. | 5.4 |
2023-04-02 | CVE-2023-1796 | Employee Payslip Generator System Project | Cross-site Scripting vulnerability in Employee Payslip Generator System Project Employee Payslip Generator System 1.0 A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. | 5.4 |
2023-03-31 | CVE-2023-1774 | Mattermost | Missing Authorization vulnerability in Mattermost Server When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. | 5.4 |
2023-03-31 | CVE-2023-1776 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. | 5.4 |
2023-03-31 | CVE-2023-1761 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 5.4 |
2023-03-30 | CVE-2023-1746 | Dreamer CMS Project | Cross-site Scripting vulnerability in Dreamer CMS Project Dreamer CMS A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. | 5.4 |
2023-03-30 | CVE-2022-43473 | Zohocorp | XXE vulnerability in Zohocorp Manageengine Opmanager A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. | 5.4 |
2023-03-30 | CVE-2023-23681 | Webdevocean | Cross-site Scripting vulnerability in Webdevocean Image Hover Effects for Wpbakery Page Builder Auth. | 5.4 |
2023-03-30 | CVE-2023-24399 | Oceanwp | Cross-site Scripting vulnerability in Oceanwp Ocean Extra Auth. | 5.4 |
2023-03-30 | CVE-2023-25040 | Getshortcodes | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate Auth. | 5.4 |
2023-03-30 | CVE-2023-23670 | Heateor | Cross-site Scripting vulnerability in Heateor Fancy Comments Auth. | 5.4 |
2023-03-29 | CVE-2022-1274 | Redhat | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak in the execute-actions-email endpoint. | 5.4 |
2023-03-29 | CVE-2022-47602 | Joomunited | Cross-site Scripting vulnerability in Joomunited WP Table Manager Auth. | 5.4 |
2023-03-29 | CVE-2022-47438 | Wpdevart | Cross-site Scripting vulnerability in Wpdevart Booking Calendar Auth. | 5.4 |
2023-03-28 | CVE-2022-46848 | Themeisle | Cross-site Scripting vulnerability in Themeisle Visualizer Auth. | 5.4 |
2023-03-28 | CVE-2022-46855 | Wpdarko | Cross-site Scripting vulnerability in Wpdarko Responsive Pricing Table Auth. | 5.4 |
2023-03-27 | CVE-2023-28655 | Sauter Controls | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | 5.4 |
2023-03-27 | CVE-2022-48429 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains HUB In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible. | 5.4 |
2023-03-27 | CVE-2023-0272 | Basixonline | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-0395 | Menu Shortcode Project | Unspecified vulnerability in Menu Shortcode Project Menu Shortcode 1.0 The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-0491 | Schedulicity | Unspecified vulnerability in Schedulicity The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-0589 | WP Image Carousel Project | Unspecified vulnerability in WP Image Carousel Project WP Image Carousel The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-0660 | Nextendweb | Unspecified vulnerability in Nextendweb Smart Slider 3 The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-0823 | HU Manity | Unspecified vulnerability in Hu-Manity Cookie Notice & Compliance for Gdpr / Ccpa The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-1069 | Really Simple Plugins | Unspecified vulnerability in Really-Simple-Plugins Complianz The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
2023-03-27 | CVE-2023-22707 | Greenshiftwp | Cross-site Scripting vulnerability in Greenshiftwp Greenshift - Animation and Page Builder Blocks Auth. | 5.4 |
2023-03-27 | CVE-2023-22902 | | Openfind Mail2000 file uploading function has insufficient filtering for user input. | 5.4 |
2023-03-27 | CVE-2023-25018 | | RIFARTEK IOT Wall transportation function has insufficient filtering for user input. | 5.4 |
2023-03-31 | CVE-2022-3192 | ABB | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB Ac500 CPU Firmware Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation. This issue affects AC500 V2: from 2.0.0 before 2.8.6. | 5.3 |
2023-03-31 | CVE-2023-1777 | Mattermost | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. | 5.3 |
2023-03-31 | CVE-2023-1258 | ABB | Information Exposure vulnerability in ABB products Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting. This issue affects Flow-X: before 4.0. | 5.3 |
2023-03-31 | CVE-2023-28755 | Ruby Lang Debian Fedoraproject | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. | 5.3 |
2023-03-31 | CVE-2023-28756 | Ruby Lang Debian Fedoraproject | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. | 5.3 |
2023-03-30 | CVE-2023-26116 | Angularjs Fedoraproject | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. | 5.3 |
2023-03-30 | CVE-2023-26117 | Angularjs Fedoraproject | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. | 5.3 |
2023-03-30 | CVE-2023-26118 | Angularjs Fedoraproject | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. | 5.3 |
2023-03-29 | CVE-2023-1663 | Synopsys | Forced Browsing vulnerability in Synopsys Coverity Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. | 5.3 |
2023-03-28 | CVE-2022-36060 | Matrix | Unspecified vulnerability in Matrix React SDK matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. | 5.3 |
2023-03-28 | CVE-2023-0465 | Openssl | Improper Certificate Validation vulnerability in Openssl Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | 5.3 |
2023-03-28 | CVE-2023-0466 | Openssl | Improper Certificate Validation vulnerability in Openssl The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. | 5.3 |
2023-03-27 | CVE-2023-22250 | | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2023-03-27 | CVE-2023-24842 | | HGiga MailSherlock has a vulnerability of insufficient access control. | 5.3 |
2023-03-27 | CVE-2023-28866 | Linux | Out-of-bounds Read vulnerability in Linux Kernel In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. | 5.3 |
2023-03-31 | CVE-2023-1772 | Datagear | Cross-site Scripting vulnerability in Datagear A vulnerability was found in DataGear up to 4.5.1. | 4.8 |
2023-03-30 | CVE-2023-23675 | Catchsquare | Cross-site Scripting vulnerability in Catchsquare WP Smart Preloader Auth. | 4.8 |
2023-03-29 | CVE-2022-47607 | Usersnap | Cross-site Scripting vulnerability in Usersnap Auth. | 4.8 |
2023-03-29 | CVE-2022-47610 | Mrdigital | Cross-site Scripting vulnerability in Mrdigital Simple Image Popup Auth. | 4.8 |
2023-03-29 | CVE-2022-47613 | Quantumcloud | Cross-site Scripting vulnerability in Quantumcloud AI Chatbot Auth. | 4.8 |
2023-03-29 | CVE-2022-47596 | Jeffrey WP | Cross-site Scripting vulnerability in Jeffrey-Wp Media Library Categories Auth. | 4.8 |
2023-03-29 | CVE-2023-1575 | Megamain | Unspecified vulnerability in Megamain Mega Main Menu The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. | 4.8 |
2023-03-28 | CVE-2022-46863 | Fullworksplugins | Cross-site Scripting vulnerability in Fullworksplugins Quick Event Manager Auth. | 4.8 |
2023-03-28 | CVE-2022-47170 | Unlimited Elements | Cross-site Scripting vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates) Auth. | 4.8 |
2023-03-28 | CVE-2023-25704 | Wpmart | Cross-site Scripting vulnerability in Wpmart Interactive SVG Image MAP Builder 1.0 Auth. | 4.8 |
2023-03-27 | CVE-2023-22249 | | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. | 4.8 |
2023-03-27 | CVE-2023-1025 | Simplefilelist | Cross-site Scripting vulnerability in Simplefilelist Simple File List The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-03-27 | CVE-2023-1400 | Webnus | Unspecified vulnerability in Webnus Modern Events Calendar Lite The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-03-27 | CVE-2023-26958 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Park Ticketing Management System 1.0 Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. | 4.8 |
2023-03-31 | CVE-2023-1754 | Phpmyfaq | Cross-site Scripting vulnerability in PHPmyfaq Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 4.7 |
2023-03-30 | CVE-2023-25000 | Hashicorp | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. | 4.7 |
2023-04-01 | CVE-2023-0194 | Nvidia | Unspecified vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. | 4.6 |
2023-03-29 | CVE-2022-42432 | Linux | Use of Uninitialized Variable vulnerability in Linux Kernel 6.0 This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. | 4.4 |
2023-03-28 | CVE-2023-25196 | Apache | SQL Injection vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. | 4.3 |
2023-03-27 | CVE-2023-22251 | | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. | 4.3 |
2023-03-27 | CVE-2023-0467 | Wppool | Path Traversal vulnerability in Wppool WP Dark Mode The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. | 4.3 |
2023-03-27 | CVE-2023-0484 | Hasthemes | Unspecified vulnerability in Hasthemes Contact Form 7 Widget for Elementor Page Builder & Gutenberg Blocks The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0495 | Hasthemes | Unspecified vulnerability in Hasthemes HT Slider for Elementor The HT Slider For Elementor WordPress plugin before 1.4.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0496 | Hasthemes | Unspecified vulnerability in Hasthemes HT Event The HT Event WordPress plugin before 1.4.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0497 | Hasthemes | Unspecified vulnerability in Hasthemes HT Portfolio The HT Portfolio WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0498 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes WP Education The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0499 | Hasthemes | Unspecified vulnerability in Hasthemes Quickswish The QuickSwish WordPress plugin before 1.1.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0503 | Hasthemes | Unspecified vulnerability in Hasthemes Free Woocommerce Theme 99Fy Extension The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0504 | Hasthemes | Unspecified vulnerability in Hasthemes HT Politic The HT Politic WordPress plugin before 2.3.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-0505 | Hasthemes | Unspecified vulnerability in Hasthemes Ever Compare The Ever Compare WordPress plugin through 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-1086 | Hasthemes | Unspecified vulnerability in Hasthemes Preview Link Generator 1.0.0/1.0.2/1.0.3 The Preview Link Generator WordPress plugin before 1.0.4 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-1087 | Hasthemes | Unspecified vulnerability in Hasthemes WC Sales Notification The WC Sales Notification WordPress plugin before 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-1088 | Hasthemes | Unspecified vulnerability in Hasthemes WP Plugin Manager The WP Plugin Manager WordPress plugin before 1.1.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
2023-03-27 | CVE-2023-1089 | Hasthemes | Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Coupon ZEN The Coupon Zen WordPress plugin before 1.0.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. | 4.3 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2023-03-27 | CVE-2023-28640 | Apiman | Missing Authorization vulnerability in Apiman 3.0.0 Apiman is a flexible and open source API Management platform. | 3.1 |
2023-03-29 | CVE-2022-27597 | Qnap | Unspecified vulnerability in Qnap products A vulnerability has been reported to affect QNAP operating systems. | 2.7 |
2023-03-29 | CVE-2022-27598 | Qnap | Unspecified vulnerability in Qnap products A vulnerability has been reported to affect QNAP operating systems. | 2.7 |
2023-04-01 | CVE-2023-0195 | Nvidia | Improper Validation of Specified Quantity in Input vulnerability in Nvidia Virtual GPU NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver | 2.4 |
2023-03-27 | CVE-2022-39043 | Juiker | Insecure Storage of Sensitive Information vulnerability in Juiker 4.6.0607.1 Juiker app stores debug logs which contains sensitive information to mobile external storage. | 2.4 |
2023-03-27 | CVE-2021-3923 | Redhat Fedoraproject | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. | 2.3 |