CVE List - 2023 / March
Showing 1 - 100 of 2488 CVEs for March 2023 (Page 1 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-3294 | 2023-03-01 | Node address isn't always verified when proxying |
| CVE-2022-45608 | 2023-03-01 | An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is... |
| CVE-2022-48309 | 2023-03-01 | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-48310 | 2023-03-01 | An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. |
| CVE-2022-4901 | 2023-03-01 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded... |
| CVE-2023-1104 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2023-1105 | 2023-03-01 | External Control of File Name or Path in flatpressblog/flatpress |
| CVE-2023-1115 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1116 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1117 | 2023-03-01 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-1127 | 2023-03-01 | Divide By Zero in vim/vim |
| CVE-2023-23000 | 2023-03-01 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. |
| CVE-2023-23001 | 2023-03-01 | In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23002 | 2023-03-01 | In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23003 | 2023-03-01 | In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. |
| CVE-2023-23004 | 2023-03-01 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23005 | 2023-03-01 | In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this... |
| CVE-2023-23006 | 2023-03-01 | In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |
| CVE-2023-23315 | 2023-03-01 | The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial... |
| CVE-2023-24045 | 2023-03-01 | In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. |
| CVE-2023-24117 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24118 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. |
| CVE-2023-24119 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. |
| CVE-2023-24120 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24121 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24122 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24123 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. |
| CVE-2023-24124 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. |
| CVE-2023-24125 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24126 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24127 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. |
| CVE-2023-24128 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. |
| CVE-2023-24129 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. |
| CVE-2023-24130 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. |
| CVE-2023-24131 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24132 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24133 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. |
| CVE-2023-24134 | 2023-03-01 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. |
| CVE-2023-24751 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24752 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24754 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24755 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24756 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24757 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-24758 | 2023-03-01 | libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2023-25221 | 2023-03-01 | Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. |
| CVE-2023-25222 | 2023-03-01 | A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. |
| CVE-2023-26608 | 2023-03-01 | SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. |
| CVE-2023-1112 | 2023-03-01 | Drag and Drop Multiple File Upload Contact Form 7 admin-ajax.php path traversal |
| CVE-2023-1113 | 2023-03-01 | SourceCodester Simple Payroll System POST Parameter cross site scripting |
| CVE-2021-4327 | 2023-03-01 | SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow |
| CVE-2023-1114 | 2023-03-01 | Improper Input Validation on e-Belediye |
| CVE-2023-23984 | 2023-03-01 | WordPress Bubble Menu – circle floating menu Plugin <= 3.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23974 | 2023-03-01 | WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23973 | 2023-03-01 | WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-1064 | 2023-03-01 | SQLi in Uzay Baskul's Weighbridge Automation Software |
| CVE-2022-38468 | 2023-03-01 | WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-40198 | 2023-03-01 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45804 | 2023-03-01 | WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45068 | 2023-03-01 | WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46797 | 2023-03-01 | WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46798 | 2023-03-01 | WordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46805 | 2023-03-01 | WordPress Conditional Payments for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46806 | 2023-03-01 | WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-24567 | 2023-03-01 | Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific... |
| CVE-2022-47148 | 2023-03-01 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25544 | 2023-03-01 | Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch... |
| CVE-2023-0507 | 2023-03-01 | Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was... |
| CVE-2023-0594 | 2023-03-01 | Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was... |
| CVE-2022-36021 | 2023-03-01 | Redis string pattern matching can be abused to achieve Denial of Service |
| CVE-2022-39228 | 2023-03-01 | Observable Response Discrepancy in vantage6 |
| CVE-2023-0460 | 2023-03-01 | Remote code execution in YouTube Android Player API SDK |
| CVE-2023-25931 | 2023-03-01 | Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue |
| CVE-2023-1097 | 2023-03-01 | Unauthenticated Command Injection EG7035-M11 Series |
| CVE-2023-1130 | 2023-03-01 | SourceCodester Computer Parts Sales and Inventory System processlogin sql injection |
| CVE-2023-1131 | 2023-03-01 | SourceCodester Computer Parts Sales and Inventory System customer.php cross site scripting |
| CVE-2023-22738 | 2023-03-01 | Improper Preservation of Permissions in vantage6 |
| CVE-2022-43902 | 2023-03-01 | IBM MQ denial of service |
| CVE-2020-5001 | 2023-03-01 | IBM Financial Transaction Manager path traversal |
| CVE-2020-5002 | 2023-03-01 | IBM Financial Transaction Manager security bypass |
| CVE-2020-5026 | 2023-03-01 | IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in... |
| CVE-2022-38734 | 2023-03-02 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to to a crash of the Local Distribution... |
| CVE-2022-46501 | 2023-03-02 | Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. |
| CVE-2023-0656 | 2023-03-02 | A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. |
| CVE-2023-1101 | 2023-03-02 | SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. |
| CVE-2023-1106 | 2023-03-02 | Cross-site Scripting (XSS) - Reflected in flatpressblog/flatpress |
| CVE-2023-1107 | 2023-03-02 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2023-1118 | 2023-03-02 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to... |
| CVE-2023-1146 | 2023-03-02 | Cross-site Scripting (XSS) - Generic in flatpressblog/flatpress |
| CVE-2023-1147 | 2023-03-02 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2023-1148 | 2023-03-02 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress |
| CVE-2023-1149 | 2023-03-02 | Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver |
| CVE-2023-25358 | 2023-03-02 | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |
| CVE-2023-25360 | 2023-03-02 | A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |
| CVE-2023-25361 | 2023-03-02 | A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |
| CVE-2023-25362 | 2023-03-02 | A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |
| CVE-2023-25363 | 2023-03-02 | A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. |
| CVE-2023-26780 | 2023-03-02 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. |
| CVE-2023-22462 | 2023-03-02 | Stored XSS in Grafana Text plugin |
| CVE-2023-26046 | 2023-03-02 | teler-waf subject to bypass of common web attack threat rule with HTML entities payload |