2023-03-30 | CVE-2023-27533 | Haxx | Injection vulnerability in Haxx Curl A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
2023-03-30 | CVE-2023-27534 | Haxx | Path Traversal vulnerability in Haxx Curl A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
2023-03-29 | CVE-2022-27645 | Netgear | Missing Authentication for Critical Function vulnerability in Netgear products This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. | 8.8 |
2023-03-29 | CVE-2023-23355 | Qnap | Command Injection vulnerability in Qnap products A vulnerability has been reported to affect QNAP operating systems. | 8.8 |
2023-03-27 | CVE-2023-24837 | | HGiga PowerStation remote management function has insufficient filtering for user input. | 8.8 |
2023-03-28 | CVE-2023-28427 | Matrix | Unspecified vulnerability in Matrix Javascript SDK matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. | 8.2 |
2023-03-29 | CVE-2022-48434 | Ffmpeg | Use After Free vulnerability in Ffmpeg libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). | 8.1 |
2023-03-27 | CVE-2023-25017 | | RIFARTEK IOT Wall has a vulnerability of incorrect authorization. | 8.1 |
2023-03-31 | CVE-2023-28464 | Linux | Double Free vulnerability in Linux Kernel hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. | 7.8 |
2023-03-30 | CVE-2023-1670 | Linux | Use After Free vulnerability in Linux Kernel 6.3 A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 7.8 |
2023-03-30 | CVE-2022-4744 | Linux | Double Free vulnerability in Linux Kernel 5.16 A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). | 7.8 |
2023-03-30 | CVE-2023-1393 | X ORG Fedoraproject | Use After Free vulnerability in multiple products A flaw was found in X.Org Server Overlay Window. | 7.8 |
2023-03-29 | CVE-2023-0664 | Qemu Redhat Fedoraproject | Improper Privilege Management vulnerability in multiple products A flaw was found in the QEMU Guest Agent service for Windows. | 7.8 |
2023-03-29 | CVE-2022-37381 | Foxit | Use After Free vulnerability in Foxit PDF Editor and PDF Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. | 7.8 |
2023-03-27 | CVE-2023-0179 | Linux Canonical Fedoraproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. | 7.8 |
2023-03-27 | CVE-2023-1077 | Linux | Type Confusion vulnerability in Linux Kernel In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head. The buggy error condition would lead to a type confused entry with the list head, which would then be used as a type confused sched_rt_entity, causing memory corruption. | 7.8 |
2023-03-27 | CVE-2023-1078 | Linux | Type Confusion vulnerability in Linux Kernel A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. | 7.8 |
2023-03-27 | CVE-2023-25863 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25864 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25865 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25866 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25867 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25868 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25869 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25870 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25871 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25872 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25873 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2023-03-27 | CVE-2023-25874 | | Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-25908 | | Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-03-27 | CVE-2023-1654 | Gpac | Resource Exhaustion vulnerability in Gpac Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. | 7.8 |
2023-03-31 | CVE-2023-28755 | Ruby Lang | Unspecified vulnerability in Ruby-Lang URI A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. | 7.5 |
2023-03-31 | CVE-2023-28756 | Ruby Lang | Unspecified vulnerability in Ruby-Lang Ruby and Time A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. | 7.5 |
2023-03-30 | CVE-2023-27535 | Haxx Fedoraproject | Improper Authentication vulnerability in multiple products An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. | 7.5 |
2023-03-30 | CVE-2023-26116 | Angularjs | Unspecified vulnerability in Angularjs Angular Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. | 7.5 |
2023-03-30 | CVE-2023-26117 | Angularjs | Unspecified vulnerability in Angularjs Angular Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. | 7.5 |
2023-03-30 | CVE-2023-26118 | Angularjs | Unspecified vulnerability in Angularjs Angular Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. | 7.5 |
2023-03-29 | CVE-2023-1683 | Xunruicms | Cleartext Storage of Sensitive Information vulnerability in Xunruicms 4.6.1 A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-03-29 | CVE-2023-1682 | Xunruicms | Forced Browsing vulnerability in Xunruicms 4.6.1 A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. | 7.5 |
2023-03-28 | CVE-2023-1681 | Xunruicms | Unspecified vulnerability in Xunruicms 4.6.1 A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. | 7.5 |
2023-03-28 | CVE-2023-28626 | Comrak Project | Resource Exhaustion vulnerability in Comrak Project Comrak comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. | 7.5 |
2023-03-27 | CVE-2022-3116 | Heimdal Project | NULL Pointer Dereference vulnerability in Heimdal Project Heimdal The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. | 7.5 |
2023-03-27 | CVE-2023-0210 | Linux | Out-of-bounds Write vulnerability in Linux Kernel 6.2 A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | 7.5 |
2023-03-27 | CVE-2023-20860 | Vmware | Unspecified vulnerability in VMWare Spring Framework Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | 7.5 |
2023-03-27 | CVE-2023-22247 | | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. | 7.5 |
2023-03-27 | CVE-2023-24835 | | Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. | 7.2 |
2023-03-27 | CVE-2023-24840 | | HGiga MailSherlock mail query function has a vulnerability of insufficient validation for user input. | 7.2 |
2023-03-27 | CVE-2023-24841 | | HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. | 7.2 |
2023-03-29 | CVE-2023-1652 | Linux Redhat | Use After Free vulnerability in multiple products A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. | 7.1 |
2023-03-27 | CVE-2023-1380 | Linux Redhat | Out-of-bounds Read vulnerability in multiple products A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. | 7.1 |