CVE List - 2023 / March
Showing 1501 - 1600 of 2488 CVEs for March 2023 (Page 16 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27094 | 2023-03-23 | An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. |
| CVE-2023-27135 | 2023-03-23 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. |
| CVE-2023-27249 | 2023-03-23 | swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. |
| CVE-2023-28331 | 2023-03-23 | Moodle: XSS risk when outputting database activity filter data |
| CVE-2023-28470 | 2023-03-23 | In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. |
| CVE-2023-28610 | 2023-03-23 | The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access... |
| CVE-2023-28611 | 2023-03-23 | Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. |
| CVE-2023-28758 | 2023-03-23 | An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to... |
| CVE-2023-28759 | 2023-03-23 | An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a... |
| CVE-2023-28772 | 2023-03-23 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. |
| CVE-2023-26114 | 2023-03-23 | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from... |
| CVE-2022-22512 | 2023-03-23 | VARTA: Multiple devices prone to hard-coded credentials |
| CVE-2023-1050 | 2023-03-23 | SQLi in As Koc Web Report System |
| CVE-2023-1051 | 2023-03-23 | XSS in As Koc Web Report System |
| CVE-2023-1410 | 2023-03-23 | Stored XSS in Graphite FunctionDescription tooltip |
| CVE-2023-1589 | 2023-03-23 | SourceCodester Online Tours & Travels Management System approve_delete.php exec sql injection |
| CVE-2023-1590 | 2023-03-23 | SourceCodester Online Tours & Travels Management System currency.php exec sql injection |
| CVE-2023-1591 | 2023-03-23 | SourceCodester Automatic Question Paper Generator System sql injection |
| CVE-2023-1592 | 2023-03-23 | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php sql injection |
| CVE-2023-1593 | 2023-03-23 | SourceCodester Automatic Question Paper Generator System cross site scripting |
| CVE-2023-1594 | 2023-03-23 | novel-plus list MenuService sql injection |
| CVE-2023-1595 | 2023-03-23 | novel-plus list sql injection |
| CVE-2018-25048 | 2023-03-23 | Codesys Runtime Improper Limitation of a Pathname |
| CVE-2022-4224 | 2023-03-23 | CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3 |
| CVE-2023-28668 | 2023-03-23 | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. |
| CVE-2023-28669 | 2023-03-23 | Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to... |
| CVE-2023-28670 | 2023-03-23 | Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2023-28671 | 2023-03-23 | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through... |
| CVE-2023-28672 | 2023-03-23 | Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an... |
| CVE-2023-28673 | 2023-03-23 | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-28674 | 2023-03-23 | A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. |
| CVE-2023-28675 | 2023-03-23 | A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. |
| CVE-2023-28676 | 2023-03-23 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote... |
| CVE-2023-28677 | 2023-03-23 | Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing... |
| CVE-2023-28678 | 2023-03-23 | Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability... |
| CVE-2023-28679 | 2023-03-23 | Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site... |
| CVE-2023-28680 | 2023-03-23 | Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-28681 | 2023-03-23 | Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-28682 | 2023-03-23 | Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-28683 | 2023-03-23 | Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-28684 | 2023-03-23 | Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-45843 | 2023-03-23 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-44742 | 2023-03-23 | WordPress Community Events Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22704 | 2023-03-23 | WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28422 | 2023-03-23 | WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47431 | 2023-03-23 | WordPress Open RDW kenteken voertuiginformatie Plugin <= 2.0.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22716 | 2023-03-23 | WordPress OOPSpam Anti-Spam Plugin <= 1.1.35 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22715 | 2023-03-23 | WordPress WP-CommentNavi Plugin <= 1.12.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22712 | 2023-03-23 | WordPress TemplatesNext ToolKit Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23650 | 2023-03-23 | WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23864 | 2023-03-23 | WordPress Very Simple Google Maps Plugin <= 2.8.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23728 | 2023-03-23 | WordPress WP Flipclock Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23722 | 2023-03-23 | WordPress WP eBay Product Feeds Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22702 | 2023-03-23 | WordPress WPMobile.App — Android and iOS Mobile Application Plugin <= 11.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47589 | 2023-03-23 | WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47173 | 2023-03-23 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47145 | 2023-03-23 | WordPress Blockonomics Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23707 | 2023-03-23 | WordPress Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25992 | 2023-03-23 | WordPress CM Answers Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26008 | 2023-03-23 | WordPress Top 10 Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25456 | 2023-03-23 | WordPress Klaviyo Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1202 | 2023-03-23 | Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id... |
| CVE-2023-1603 | 2023-03-23 | Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. |
| CVE-2023-20559 | 2023-03-23 | Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. |
| CVE-2023-20558 | 2023-03-23 | Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. |
| CVE-2023-1606 | 2023-03-23 | novel-plus DictController.java sql injection |
| CVE-2023-25654 | 2023-03-23 | baserCMS File Uploader Remote Code Execution (RCE) vulnerability |
| CVE-2023-25655 | 2023-03-23 | baserCMS allows any file to be uploaded |
| CVE-2023-28436 | 2023-03-23 | Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process |
| CVE-2023-1607 | 2023-03-23 | novel-plus list sql injection |
| CVE-2023-1608 | 2023-03-23 | Zhong Bang CRMEB Java list getAdminList sql injection |
| CVE-2023-1609 | 2023-03-23 | Zhong Bang CRMEB Java save cross site scripting |
| CVE-2023-1610 | 2023-03-23 | Rebuild list sql injection |
| CVE-2023-1612 | 2023-03-23 | Rebuild list-file sql injection |
| CVE-2023-1613 | 2023-03-23 | Rebuild publish cross site scripting |
| CVE-2023-28441 | 2023-03-23 | smartCARS 3 Password Stored as plain text in Error Log |
| CVE-2023-28442 | 2023-03-23 | Geoserver for GeoNode sensitive information leak |
| CVE-2023-28443 | 2023-03-23 | directus vulnerable to Insertion of Sensitive Information into Log File |
| CVE-2023-28445 | 2023-03-23 | Deno improperly handles resizable ArrayBuffer |
| CVE-2022-45597 | 2023-03-24 | ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the... |
| CVE-2020-36691 | 2023-03-24 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. |
| CVE-2021-3674 | 2023-03-24 | A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads,... |
| CVE-2021-3684 | 2023-03-24 | A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit... |
| CVE-2021-43311 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The root cause is in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. |
| CVE-2021-43312 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the variable 'bucket' points to an inaccessible address. The issue is triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. |
| CVE-2021-43313 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the variable 'bucket' points to an inaccessible address. The issue is triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. |
| CVE-2021-43314 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The root cause is in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368. |
| CVE-2021-43315 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The root cause is in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349. |
| CVE-2021-43316 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le64(). |
| CVE-2021-43317 | 2023-03-24 | A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The root cause is in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404. |
| CVE-2022-20467 | 2023-03-24 | In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2022-20499 | 2023-03-24 | In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2022-20532 | 2023-03-24 | In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges... |
| CVE-2022-20542 | 2023-03-24 | In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2022-28495 | 2023-03-24 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via... |
| CVE-2022-40208 | 2023-03-24 | In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. |
| CVE-2022-42498 | 2023-03-24 | In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2022-42499 | 2023-03-24 | In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... |
| CVE-2022-42500 | 2023-03-24 | In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2022-42528 | 2023-03-24 | In ffa_mrd_prot of shared_mem.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed.... |
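Five of the Jenkins entries above (CVE-2023-28680 through CVE-2023-28684) share one root cause: a plugin parses an XML report with a JAXP parser left at its defaults, so a DOCTYPE in the report can declare external entities and the parser will resolve them. The following is an added example written for this page, not code from Jenkins or from any of the plugins listed; it shows the default (vulnerable) `DocumentBuilderFactory` next to a hardened one, run against a constructed report whose entity points at a local file. The report content, the element names and the file path are illustrative assumptions, not taken from the advisories.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

public class XxeHardening {

    // Constructed sample: a "report" of the kind a CI plugin might ingest,
    // carrying an external entity that points at a local file.
    // (Assumption: element names and the target path are illustrative only.)
    static final String MALICIOUS_REPORT =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE report [\n" +
        "  <!ENTITY leak SYSTEM \"file:///etc/hostname\">\n" +
        "]>\n" +
        "<report><file name=\"&leak;\"/></report>\n";

    // Vulnerable: stock JAXP defaults leave DTD processing and entity
    // resolution enabled, so the parser attempts to read &leak; from disk
    // and the file content (if readable) lands in the attribute value.
    static DocumentBuilder vulnerableBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: forbid DOCTYPE entirely (the single most effective setting),
    // then also disable external entities, external DTD loading, XInclude and
    // entity expansion in case a different parser implementation ignores the
    // first feature.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Returns the value the parser produced for the first <file name="..">
    // attribute, or a marker describing why the document was refused.
    static String parseFileName(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement()
                      .getElementsByTagName("file").item(0)
                      .getAttributes().getNamedItem("name").getNodeValue();
        } catch (SAXParseException e) {
            // The hardened builder ends up here: DOCTYPE is disallowed.
            return "REJECTED: " + e.getMessage();
        } catch (Exception e) {
            return "ERROR: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default parser  -> " + parseFileName(vulnerableBuilder(), MALICIOUS_REPORT));
        System.out.println("hardened parser -> " + parseFileName(hardenedBuilder(), MALICIOUS_REPORT));
    }
}
```

With the default builder the entity is resolved (or an I/O error surfaces if the file is unreadable, which still confirms the parser reached for the filesystem); with the hardened builder parsing stops at the DOCTYPE with a `SAXParseException`. When auditing a plugin for this class of bug, look for every `DocumentBuilderFactory`, `SAXParserFactory`, `XMLInputFactory` or `TransformerFactory` instance and check that the same features are set before the factory hands out a parser.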