CVE List - 2023 / March
Showing 1401 - 1500 of 2488 CVEs for March 2023 (Page 15 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-28667 | 2023-03-22 | The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function... |
| CVE-2023-27857 | 2023-03-22 | Rockwell Automation ThinManager ThinServer Heap-Based Buffer Overflow |
| CVE-2023-28708 | 2023-03-22 | Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations |
| CVE-2023-1562 | 2023-03-22 | Full name revealed via /plugins/focalboard/api/v2/users |
| CVE-2023-1556 | 2023-03-22 | SourceCodester Judging Management System summary_results.php sql injection |
| CVE-2023-1557 | 2023-03-22 | SourceCodester E-Commerce System Username access control |
| CVE-2023-1558 | 2023-03-22 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload |
| CVE-2023-1559 | 2023-03-22 | SourceCodester Storage Unit Rental Management System unrestricted upload |
| CVE-2023-1560 | 2023-03-22 | TinyTIFF File tinytiffreader.c buffer overflow |
| CVE-2023-1561 | 2023-03-22 | code-projects Simple Online Hotel Reservation System add_room.php unrestricted upload |
| CVE-2023-1572 | 2023-03-22 | DataGear Plugin cross site scripting |
| CVE-2023-1563 | 2023-03-22 | SourceCodester Student Study Center Desk Management System assign.php sql injection |
| CVE-2023-1564 | 2023-03-22 | SourceCodester Air Cargo Management System GET Parameter update_status.php sql injection |
| CVE-2023-1574 | 2023-03-22 | Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user... |
| CVE-2023-1565 | 2023-03-22 | FeiFeiCMS Extension Tool slide_add.html cross site scripting |
| CVE-2023-1281 | 2023-03-22 | UAF in Linux kernel's tcindex (traffic control index filter) implementation |
| CVE-2023-1566 | 2023-03-22 | SourceCodester Medical Certificate Generator App action.php sql injection |
| CVE-2023-1567 | 2023-03-22 | SourceCodester Student Study Center Desk Management System assign.php cross site scripting |
| CVE-2023-1568 | 2023-03-22 | SourceCodester Student Study Center Desk Management System GET Parameter index.php cross site scripting |
| CVE-2023-1569 | 2023-03-22 | SourceCodester E-Commerce System cross site scripting |
| CVE-2023-1570 | 2023-03-22 | syoyo tinydng tiny_dng_loader.h __interceptor_memcpy heap-based overflow |
| CVE-2023-1571 | 2023-03-22 | DataGear pagingQueryData sql injection |
| CVE-2023-1573 | 2023-03-22 | DataGear Graph Dataset cross site scripting |
| CVE-2023-0464 | 2023-03-22 | Excessive Resource Usage Verifying X.509 Policy Constraints |
| CVE-2023-1580 | 2023-03-22 | Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the... |
| CVE-2023-0870 | 2023-03-22 | Form Can Be Manipulated with Cross-Site Request Forgery (CSRF) |
| CVE-2023-25820 | 2023-03-22 | Nextcloud Server and Enterprise Server missing brute force protection on password confirmation modal |
| CVE-2023-28114 | 2023-03-22 | `cilium-cli` disables etcd authorization for clustermesh clusters |
| CVE-2023-28117 | 2023-03-22 | Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` |
| CVE-2023-28119 | 2023-03-22 | crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb |
| CVE-2023-28431 | 2023-03-22 | Frontier's modexp precompile is slow for even modulus |
| CVE-2023-28432 | 2023-03-22 | Minio Information Disclosure in Cluster Deployment |
| CVE-2023-28433 | 2023-03-22 | Minio Privilege Escalation on Windows via Path separator manipulation |
| CVE-2023-28434 | 2023-03-22 | MinIO is vulnerable to privilege escalation on Linux/MacOS |
| CVE-2023-28438 | 2023-03-22 | Pimcore vulnerable to improper quoting of filters in Custom Reports |
| CVE-2023-28439 | 2023-03-22 | ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process |
| CVE-2022-43863 | 2023-03-22 | IBM QRadar SIEM privilege escalation |
| CVE-2023-26283 | 2023-03-22 | IBM WebSphere Application Server cross-site scripting |
| CVE-2023-0590 | 2023-03-23 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6... |
| CVE-2023-1289 | 2023-03-23 | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted... |
| CVE-2023-1402 | 2023-03-23 | Moodle: course participation report shows roles the user should not see |
| CVE-2023-20027 | 2023-03-23 | Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability |
| CVE-2023-20029 | 2023-03-23 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2023-20035 | 2023-03-23 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
| CVE-2023-20055 | 2023-03-23 | Cisco DNA Center Privilege Escalation Vulnerability |
| CVE-2023-20056 | 2023-03-23 | Cisco Access Point Software Denial of Service Vulnerability |
| CVE-2023-20059 | 2023-03-23 | Cisco DNA Center Information Disclosure Vulnerability |
| CVE-2023-20065 | 2023-03-23 | A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This... |
| CVE-2023-20066 | 2023-03-23 | Cisco IOS XE Software Web UI Path Traversal Vulnerability |
| CVE-2023-20067 | 2023-03-23 | Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability |
| CVE-2023-20072 | 2023-03-23 | Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability |
| CVE-2023-20080 | 2023-03-23 | Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability |
| CVE-2023-20081 | 2023-03-23 | Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability |
| CVE-2023-20082 | 2023-03-23 | Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability |
| CVE-2023-20097 | 2023-03-23 | Cisco Access Point Software Command Injection Vulnerability |
| CVE-2023-20100 | 2023-03-23 | Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability |
| CVE-2023-20107 | 2023-03-23 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability |
| CVE-2023-20112 | 2023-03-23 | Cisco Access Point Software Association Request Denial of Service Vulnerability |
| CVE-2023-20113 | 2023-03-23 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability |
| CVE-2023-28329 | 2023-03-23 | Moodle: authenticated sql injection via availability check |
| CVE-2023-28330 | 2023-03-23 | Moodle: authenticated arbitrary file read through malformed backup file |
| CVE-2023-28332 | 2023-03-23 | Moodle: algebra filter xss when filter is misconfigured |
| CVE-2023-28333 | 2023-03-23 | Moodle: pix helper potential mustache code injection risk |
| CVE-2023-28334 | 2023-03-23 | Moodle: users' name enumeration possible via idor on learning plans page |
| CVE-2023-28335 | 2023-03-23 | Moodle: csrf risk in resetting all templates of a database activity |
| CVE-2023-28336 | 2023-03-23 | Moodle: teacher can access names of users they do not have permission to access |
| CVE-2020-19786 | 2023-03-23 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. |
| CVE-2020-24857 | 2023-03-23 | Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. |
| CVE-2022-28491 | 2023-03-23 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2022-28492 | 2023-03-23 | TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login. |
| CVE-2022-28493 | 2023-03-23 | A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, |
| CVE-2022-28494 | 2023-03-23 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via... |
| CVE-2022-28496 | 2023-03-23 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via... |
| CVE-2022-28497 | 2023-03-23 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via... |
| CVE-2022-30037 | 2023-03-23 | XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. |
| CVE-2022-3101 | 2023-03-23 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use... |
| CVE-2022-3146 | 2023-03-23 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use... |
| CVE-2022-36413 | 2023-03-23 | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. |
| CVE-2023-0056 | 2023-03-23 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in... |
| CVE-2023-1249 | 2023-03-23 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma... |
| CVE-2023-1252 | 2023-03-23 | A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a... |
| CVE-2023-1513 | 2023-03-23 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace,... |
| CVE-2023-1544 | 2023-03-23 | Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read() |
| CVE-2023-1605 | 2023-03-23 | Denial of Service in radareorg/radare2 |
| CVE-2023-20859 | 2023-03-23 | In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file... |
| CVE-2023-20861 | 2023-03-23 | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression... |
| CVE-2023-23192 | 2023-03-23 | IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. |
| CVE-2023-24295 | 2023-03-23 | A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file. |
| CVE-2023-24655 | 2023-03-23 | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. |
| CVE-2023-24788 | 2023-03-23 | NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. |
| CVE-2023-26088 | 2023-03-23 | In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation... |
| CVE-2023-26359 | 2023-03-23 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution |
| CVE-2023-26360 | 2023-03-23 | Adobe ColdFusion Improper Access Control Arbitrary code execution |
| CVE-2023-26361 | 2023-03-23 | Adobe ColdFusion Directory Traversal Arbitrary file system read Vulnerability |
| CVE-2023-26496 | 2023-03-23 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to... |
| CVE-2023-26498 | 2023-03-23 | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper... |
| CVE-2023-27034 | 2023-03-23 | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. |
| CVE-2023-27077 | 2023-03-23 | Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. |
| CVE-2023-27078 | 2023-03-23 | A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. |
| CVE-2023-27079 | 2023-03-23 | Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package |