CVE List - 2023 / March
Showing 501 - 600 of 2488 CVEs for March 2023 (Page 6 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-27974 | 2023-03-08 | Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that... |
| CVE-2021-33351 | 2023-03-08 | Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket... |
| CVE-2021-33352 | 2023-03-08 | An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows an attacker to execute arbitrary code via a phar file upload in the ticket message... |
| CVE-2021-33353 | 2023-03-08 | Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows an attacker to execute arbitrary code via the file attachment directory setting. |
| CVE-2021-33639 | 2023-03-08 | The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, which then allows read-only memory/files to be modified. |
| CVE-2022-4007 | 2023-03-08 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting... |
| CVE-2022-4315 | 2023-03-08 | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. |
| CVE-2022-46394 | 2023-03-08 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall... |
| CVE-2023-0030 | 2023-03-08 | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a... |
| CVE-2023-1269 | 2023-03-08 | Use of Hard-coded Credentials in alextselegidis/easyappointments |
| CVE-2023-1283 | 2023-03-08 | Code Injection in builderio/qwik |
| CVE-2023-22889 | 2023-03-08 | SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. |
| CVE-2023-22890 | 2023-03-08 | SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. |
| CVE-2023-22891 | 2023-03-08 | There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. |
| CVE-2023-22892 | 2023-03-08 | There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. |
| CVE-2023-24282 | 2023-03-08 | An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. |
| CVE-2023-24657 | 2023-03-08 | phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. |
| CVE-2023-24773 | 2023-03-08 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. |
| CVE-2023-24777 | 2023-03-08 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. |
| CVE-2023-24782 | 2023-03-08 | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. |
| CVE-2023-26261 | 2023-03-08 | In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway &... |
| CVE-2023-26922 | 2023-03-08 | SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. |
| CVE-2023-26950 | 2023-03-08 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. |
| CVE-2023-26952 | 2023-03-08 | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. |
| CVE-2023-26956 | 2023-03-08 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. |
| CVE-2023-27088 | 2023-03-08 | feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to... |
| CVE-2023-27477 | 2023-03-08 | wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong... |
| CVE-2023-27482 | 2023-03-08 | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant... |
| CVE-2023-0089 | 2023-03-08 | Proofpoint Enterprise Protection webutils authenticated RCE |
| CVE-2023-0090 | 2023-03-08 | Proofpoint Enterprise Protection webservices unauthenticated RCE |
| CVE-2023-23638 | 2023-03-08 | Apache Dubbo Deserialization Vulnerability Gadgets Bypass |
| CVE-2023-1267 | 2023-03-08 | SQLi in Ulkem Company's PtteM Kart |
| CVE-2022-20929 | 2023-03-08 | A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability... |
| CVE-2022-46752 | 2023-03-08 | Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. |
| CVE-2023-27898 | 2023-03-08 | Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility... |
| CVE-2023-27899 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for... |
| CVE-2023-27900 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in... |
| CVE-2023-27901 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in... |
| CVE-2023-27902 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. |
| CVE-2023-27903 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter... |
| CVE-2023-27904 | 2023-03-08 | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise... |
| CVE-2023-27905 | 2023-03-08 | Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able... |
| CVE-2023-1275 | 2023-03-08 | SourceCodester Phone Shop Sales Managements System CAPTCHA index.php cross site scripting |
| CVE-2023-1276 | 2023-03-08 | SUL1SS_shop Order.php sql injection |
| CVE-2023-1277 | 2023-03-08 | kylin-system-updater Update InstallSnap command injection |
| CVE-2023-1278 | 2023-03-08 | IBOS index.php cross site scripting |
| CVE-2023-23760 | 2023-03-08 | Path traversal in GitHub Enterprise Server leading to remote code execution |
| CVE-2023-27486 | 2023-03-08 | Insufficient authorization validation between zones when xCAT zones are enabled |
| CVE-2023-24533 | 2023-03-08 | Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec |
| CVE-2023-24532 | 2023-03-08 | Incorrect calculation on P256 curves in crypto/internal/nistec |
| CVE-2023-26489 | 2023-03-08 | Guest-controlled out-of-bounds read/write on x86_64 in wasmtime |
| CVE-2022-37939 | 2023-03-08 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made... |
| CVE-2022-4289 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus... |
| CVE-2023-20049 | 2023-03-09 | Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability |
| CVE-2023-20064 | 2023-03-09 | Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability |
| CVE-2021-34125 | 2023-03-09 | An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. |
| CVE-2022-3381 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used... |
| CVE-2022-3758 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due... |
| CVE-2022-3767 | 2023-03-09 | Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. |
| CVE-2022-4317 | 2023-03-09 | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. |
| CVE-2022-4331 | 2023-03-09 | An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2.... |
| CVE-2022-4462 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This... |
| CVE-2023-0050 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A... |
| CVE-2023-0223 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project... |
| CVE-2023-0483 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It... |
| CVE-2023-1072 | 2023-03-09 | An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It... |
| CVE-2023-1084 | 2023-03-09 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project... |
| CVE-2023-1286 | 2023-03-09 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-26948 | 2023-03-09 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. |
| CVE-2023-26957 | 2023-03-09 | onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. |
| CVE-2023-27202 | 2023-03-09 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. |
| CVE-2023-27203 | 2023-03-09 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. |
| CVE-2023-27204 | 2023-03-09 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. |
| CVE-2023-27205 | 2023-03-09 | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. |
| CVE-2023-27206 | 2023-03-09 | A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page... |
| CVE-2023-27207 | 2023-03-09 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. |
| CVE-2023-27208 | 2023-03-09 | A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect... |
| CVE-2023-27210 | 2023-03-09 | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. |
| CVE-2023-27211 | 2023-03-09 | A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page... |
| CVE-2023-27212 | 2023-03-09 | A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect... |
| CVE-2023-27213 | 2023-03-09 | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. |
| CVE-2023-27214 | 2023-03-09 | Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. |
| CVE-2023-27985 | 2023-03-09 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It... |
| CVE-2023-27986 | 2023-03-09 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. |
| CVE-2023-26110 | 2023-03-09 | All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. |
| CVE-2023-26109 | 2023-03-09 | All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. |
| CVE-2023-1251 | 2023-03-09 | SQLi in Wolvox |
| CVE-2023-1290 | 2023-03-09 | SourceCodester Sales Tracker Management System view_client.php sql injection |
| CVE-2023-1291 | 2023-03-09 | SourceCodester Sales Tracker Management System manage_client.php sql injection |
| CVE-2023-1292 | 2023-03-09 | SourceCodester Sales Tracker Management System Master.php delete_client sql injection |
| CVE-2023-1293 | 2023-03-09 | SourceCodester Online Graduate Tracer System admin_cs.php mysqli_query sql injection |
| CVE-2023-1294 | 2023-03-09 | SourceCodester File Tracker Manager System POST Parameter login.php sql injection |
| CVE-2022-29056 | 2023-03-09 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU... |
| CVE-2023-26208 | 2023-03-09 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP... |
| CVE-2023-26209 | 2023-03-09 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP... |
| CVE-2023-0845 | 2023-03-09 | Consul Server Panic when Ingress and API Gateways Configured with Peering |
| CVE-2023-1287 | 2023-03-09 | ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability |
| CVE-2023-1288 | 2023-03-09 | ENOVIA Live Collaboration V6R2013xE is affected by an XML External Entity injection (XXE) vulnerability |
| CVE-2023-25573 | 2023-03-09 | Improper access control to download file in metersphere |
| CVE-2023-25814 | 2023-03-09 | Arbitrary File Read Vulnerability in metersphere |