CVE List - 2023 / March
Showing 2401 - 2488 of 2488 CVEs for March 2023 (Page 25 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25076 | 2023-03-30 | A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead... |
| CVE-2023-24472 | 2023-03-30 | A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide... |
| CVE-2023-22845 | 2023-03-30 | An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious... |
| CVE-2023-24473 | 2023-03-30 | An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can... |
| CVE-2022-43473 | 2023-03-30 | A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can... |
| CVE-2022-23522 | 2023-03-30 | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb |
| CVE-2023-28647 | 2023-03-30 | App pin of the iOS app can be bypassed in Nextcloud iOS |
| CVE-2023-28646 | 2023-03-30 | App lockout in nextcloud Android app can be bypassed via thirdparty apps |
| CVE-2023-26482 | 2023-03-30 | Scope of workflow operations is not validated in nextcloud server |
| CVE-2023-28643 | 2023-03-30 | Potential share collision for recipients when caching is enabled in nextcloud server |
| CVE-2023-28644 | 2023-03-30 | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server |
| CVE-2023-28833 | 2023-03-30 | Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server |
| CVE-2023-28835 | 2023-03-30 | Insecure randomness for default password in nextcloud |
| CVE-2023-1734 | 2023-03-30 | SourceCodester Young Entrepreneur E-Negosyo System unrestricted upload |
| CVE-2023-1735 | 2023-03-30 | SourceCodester Young Entrepreneur E-Negosyo System passwordrecover.php sql injection |
| CVE-2023-1736 | 2023-03-30 | SourceCodester Young Entrepreneur E-Negosyo System sql injection |
| CVE-2023-28846 | 2023-03-30 | Denial of Service in unpoly-rails |
| CVE-2023-1737 | 2023-03-30 | SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection |
| CVE-2023-1738 | 2023-03-30 | SourceCodester Young Entrepreneur E-Negosyo System sql injection |
| CVE-2023-1739 | 2023-03-30 | SourceCodester Simple and Beautiful Shopping Cart System upload.php unrestricted upload |
| CVE-2022-42452 | 2023-03-30 | HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. |
| CVE-2023-1740 | 2023-03-30 | SourceCodester Air Cargo Management System GET Parameter manage_user.php sql injection |
| CVE-2023-1741 | 2023-03-30 | jeecg-boot Sleep Command SysDictMapper.java sql injection |
| CVE-2023-1742 | 2023-03-30 | IBOS Report Search getlist sql injection |
| CVE-2023-1743 | 2023-03-30 | SourceCodester Grade Point Average GPA Calculator index.php cross site scripting |
| CVE-2023-1744 | 2023-03-30 | IBOS htaccess unrestricted upload |
| CVE-2023-1745 | 2023-03-30 | KMPlayer SHFOLDER.dll uncontrolled search path |
| CVE-2023-1746 | 2023-03-30 | Dreamer CMS File Upload cross site scripting |
| CVE-2023-1747 | 2023-03-30 | IBOS mark&op=delFromSend sql injection |
| CVE-2023-28464 | 2023-03-31 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead... |
| CVE-2022-46021 | 2023-03-31 | X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. |
| CVE-2022-47188 | 2023-03-31 | Improper Input Validation in Generex CS141 |
| CVE-2022-47189 | 2023-03-31 | DoS via file upload vulnerability at Generex CS141 |
| CVE-2022-47190 | 2023-03-31 | RCE via file upload vulnerability in Generex CS141 |
| CVE-2022-47191 | 2023-03-31 | Privilege Escalation via file upload vulnerability at Generex CS141 |
| CVE-2022-47192 | 2023-03-31 | Admin password reset via file upload vulnerability in Generex CS141 |
| CVE-2022-4899 | 2023-03-31 | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. |
| CVE-2023-1753 | 2023-03-31 | Weak Password Requirements in thorsten/phpmyfaq |
| CVE-2023-1754 | 2023-03-31 | Improper Neutralization of Input During Web Page Generation in thorsten/phpmyfaq |
| CVE-2023-1755 | 2023-03-31 | Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq |
| CVE-2023-1759 | 2023-03-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1760 | 2023-03-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-1761 | 2023-03-31 | Cross-site Scripting in thorsten/phpmyfaq |
| CVE-2023-1762 | 2023-03-31 | Improper Privilege Management in thorsten/phpmyfaq |
| CVE-2023-23594 | 2023-03-31 | An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated... |
| CVE-2023-26829 | 2023-03-31 | An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the... |
| CVE-2023-26830 | 2023-03-31 | An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. |
| CVE-2023-26858 | 2023-03-31 | SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. |
| CVE-2023-26925 | 2023-03-31 | An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. |
| CVE-2023-27159 | 2023-03-31 | Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a... |
| CVE-2023-27160 | 2023-03-31 | forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a... |
| CVE-2023-27162 | 2023-03-31 | openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a... |
| CVE-2023-27163 | 2023-03-31 | request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a... |
| CVE-2023-28755 | 2023-03-31 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in... |
| CVE-2023-28756 | 2023-03-31 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in... |
| CVE-2023-28862 | 2023-03-31 | An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification.... |
| CVE-2023-28877 | 2023-03-31 | The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. ([email protected] is unaffected by this issue.) |
| CVE-2023-28879 | 2023-03-31 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode.... |
| CVE-2023-29137 | 2023-03-31 | An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize... |
| CVE-2023-29139 | 2023-03-31 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can... |
| CVE-2023-29140 | 2023-03-31 | An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no... |
| CVE-2023-29141 | 2023-03-31 | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
| CVE-2023-28726 | 2023-03-31 | Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. |
| CVE-2023-28727 | 2023-03-31 | Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. |
| CVE-2023-1258 | 2023-03-31 | Flow-X disclosure of sensitive information to unauthenticated users |
| CVE-2023-1060 | 2023-03-31 | XSS in YKM CRM |
| CVE-2023-1769 | 2023-03-31 | SourceCodester Grade Point Average GPA Calculator index.php information disclosure |
| CVE-2023-1770 | 2023-03-31 | SourceCodester Grade Point Average GPA Calculator Master.php get_scale sql injection |
| CVE-2023-1774 | 2023-03-31 | Unauthorized email invite to a private channel |
| CVE-2023-1775 | 2023-03-31 | Unsanitized events sent over Websocket to regular users in a High Availability environment |
| CVE-2023-1776 | 2023-03-31 | Stored XSS via SVG attachment on Boards |
| CVE-2023-1771 | 2023-03-31 | SourceCodester Grade Point Average GPA Calculator Master.php get_scale cross site scripting |
| CVE-2023-1772 | 2023-03-31 | DataGear Diagram Type cross site scripting |
| CVE-2023-1777 | 2023-03-31 | Information disclosure in linked message previews |
| CVE-2023-1773 | 2023-03-31 | Rockoa Configuration File webmainConfig.php code injection |
| CVE-2023-0343 | 2023-03-31 | CVE-2023-0343 |
| CVE-2023-0344 | 2023-03-31 | CVE-2023-0344 |
| CVE-2023-0432 | 2023-03-31 | CVE-2023-0432 |
| CVE-2022-3192 | 2023-03-31 | Improper Check for Unusual or Exceptional Conditions |
| CVE-2023-28843 | 2023-03-31 | Improper neutralization of SQL parameter in PayPal module for PrestaShop |
| CVE-2023-1784 | 2023-03-31 | jeecg-boot API Documentation improper authentication |
| CVE-2023-1785 | 2023-03-31 | SourceCodester Earnings and Expense Tracker App manage_user.php sql injection |
| CVE-2023-26485 | 2023-03-31 | Quadratic complexity may lead to a denial of service in cmark-gfm |
| CVE-2023-24824 | 2023-03-31 | Quadratic complexity may lead to a denial of service in cmark-gfm |
| CVE-2023-28645 | 2023-03-31 | Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments |
| CVE-2023-28844 | 2023-03-31 | User without download rights can download older version of that file in nextcloud server |
| CVE-2023-28845 | 2023-03-31 | Chat room membership disclosed via autocompletion in Nextcloud talk |
| CVE-2023-1789 | 2023-04-01 | Improper Input Validation in firefly-iii/firefly-iii |
| CVE-2023-26822 | 2023-04-01 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. |
| CVE-2023-0208 | 2023-04-01 | NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability... |
| CVE-2023-0180 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. |
| CVE-2023-0181 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of... |
| CVE-2023-0182 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. |
| CVE-2023-0183 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. |
| CVE-2023-0185 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or... |
| CVE-2023-0186 | 2023-04-01 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. |
| CVE-2023-0187 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. |
| CVE-2023-0188 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds... |
| CVE-2023-0189 | 2023-04-01 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and... |
| CVE-2023-0191 | 2023-04-01 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. |