CVE List - 2023 / March
Showing 101 - 200 of 2488 CVEs for March 2023 (Page 2 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-0053 | 2023-03-02 | SAUTER Controls Nova 200–220 Series Cleartext Transmission of Sensitive Information |
| CVE-2023-0193 | 2023-03-02 | NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a... |
| CVE-2023-0196 | 2023-03-02 | NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in... |
| CVE-2023-0228 | 2023-03-02 | Improper authentication vulnerability in S+ Operations |
| CVE-2023-25155 | 2023-03-02 | Integer Overflow in several Redis commands can lead to denial of service. |
| CVE-2023-25806 | 2023-03-02 | Time discrepancy in authentication responses in OpenSearch |
| CVE-2023-26053 | 2023-03-02 | Gradle usage of long IDs for PGP keys opens potential for collision attacks |
| CVE-2023-1151 | 2023-03-02 | SourceCodester Electronic Medical Records System Cookie administrator.php sql injection |
| CVE-2021-45477 | 2023-03-02 | IDOR in Yordam Library Automation System |
| CVE-2021-45478 | 2023-03-02 | IDOR in Yordam Library Automation System |
| CVE-2021-45479 | 2023-03-02 | XSS in Yordam Library Automation System |
| CVE-2021-3854 | 2023-03-02 | SQLi in Glox Technology's Useroam Hotspot |
| CVE-2023-25536 | 2023-03-02 | Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential... |
| CVE-2023-0085 | 2023-03-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on... |
| CVE-2023-1155 | 2023-03-02 | The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output... |
| CVE-2023-26480 | 2023-03-02 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data |
| CVE-2023-26479 | 2023-03-02 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions |
| CVE-2023-26478 | 2023-03-02 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function |
| CVE-2023-26477 | 2023-03-02 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability |
| CVE-2023-26476 | 2023-03-02 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor |
| CVE-2023-26475 | 2023-03-02 | XWiki Platform vulnerable to Remote Code Execution in Annotations |
| CVE-2023-1156 | 2023-03-02 | SourceCodester Health Center Patient Record Management System fecalysis_form.php cross site scripting |
| CVE-2023-26474 | 2023-03-02 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author |
| CVE-2023-1157 | 2023-03-02 | finixbit elf-parser elf_parser.cpp get_segments denial of service |
| CVE-2023-26473 | 2023-03-02 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm |
| CVE-2023-26472 | 2023-03-02 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile |
| CVE-2021-4328 | 2023-03-02 | 狮子鱼CMS ApiController.class.php goods_detail sql injection |
| CVE-2023-26471 | 2023-03-02 | XWiki Platform users may execute anything with superadmin right through comments and async macro |
| CVE-2023-26051 | 2023-03-02 | Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions |
| CVE-2023-0084 | 2023-03-02 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient... |
| CVE-2023-26470 | 2023-03-02 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors |
| CVE-2023-26056 | 2023-03-02 | XWiki Platform allows macro execution as any user without programming rights through the context macro |
| CVE-2023-26055 | 2023-03-02 | XWiki Commons may allow privilege escalation to programming rights via user's first name |
| CVE-2023-26052 | 2023-03-02 | Saleor is vulnerable to unauthenticated information disclosure via Python exceptions |
| CVE-2022-35645 | 2023-03-02 | IBM Maximo Asset Management cross-site scripting |
| CVE-2023-24975 | 2023-03-02 | IBM Spectrum Symphony HOST header injection |
| CVE-2023-22381 | 2023-03-02 | Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions |
| CVE-2022-40633 | 2023-03-02 | Rittal CMC III Improper Access Control |
| CVE-2023-20061 | 2023-03-03 | Cisco Unified Intelligence Center Vulnerabilities |
| CVE-2023-20062 | 2023-03-03 | Cisco Unified Intelligence Center Vulnerabilities |
| CVE-2023-20069 | 2023-03-03 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2023-20078 | 2023-03-03 | Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities |
| CVE-2023-20079 | 2023-03-03 | Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities |
| CVE-2023-20088 | 2023-03-03 | Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability |
| CVE-2023-20104 | 2023-03-03 | Cisco Webex App for Web Cross-Site Scripting Vulnerability |
| CVE-2023-27561 | 2023-03-03 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount... |
| CVE-2021-36689 | 2023-03-03 | An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file.... |
| CVE-2022-2835 | 2023-03-03 | A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of... |
| CVE-2022-2837 | 2023-03-03 | A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and... |
| CVE-2022-41862 | 2023-03-03 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read... |
| CVE-2022-45551 | 2023-03-03 | An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. |
| CVE-2022-45552 | 2023-03-03 | An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash... |
| CVE-2022-45553 | 2023-03-03 | An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. |
| CVE-2022-45988 | 2023-03-03 | starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. |
| CVE-2022-4645 | 2023-03-03 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix... |
| CVE-2022-46973 | 2023-03-03 | Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. |
| CVE-2022-47664 | 2023-03-03 | Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse |
| CVE-2022-47665 | 2023-03-03 | Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) |
| CVE-2023-1160 | 2023-03-03 | Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit |
| CVE-2023-1170 | 2023-03-03 | Heap-based Buffer Overflow in vim/vim |
| CVE-2023-23313 | 2023-03-03 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1;... |
| CVE-2023-24641 | 2023-03-03 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. |
| CVE-2023-24642 | 2023-03-03 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. |
| CVE-2023-24643 | 2023-03-03 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. |
| CVE-2023-25402 | 2023-03-03 | CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. |
| CVE-2023-25403 | 2023-03-03 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within... |
| CVE-2023-26213 | 2023-03-03 | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute... |
| CVE-2023-26604 | 2023-03-03 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does... |
| CVE-2023-26779 | 2023-03-03 | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). |
| CVE-2023-27560 | 2023-03-03 | Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. |
| CVE-2023-27566 | 2023-03-03 | Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. |
| CVE-2023-27567 | 2023-03-03 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. |
| CVE-2023-27574 | 2023-03-03 | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. |
| CVE-2023-0457 | 2023-03-03 | Information Disclosure Vulnerability in MELSEC Series |
| CVE-2023-1162 | 2023-03-03 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection |
| CVE-2023-1163 | 2023-03-03 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi getSyslogFile path traversal |
| CVE-2023-0577 | 2023-03-03 | Multiple XSS in ASOS Information Technologies' Sobiad |
| CVE-2023-1164 | 2023-03-03 | KylinSoft kylin-activation File Import improper authorization |
| CVE-2023-0578 | 2023-03-03 | Multiple XSS in ASOS Information Technologies' Book Cites |
| CVE-2023-0957 | 2023-03-03 | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server... |
| CVE-2023-1165 | 2023-03-03 | Zhong Bang CRMEB Java list sql injection |
| CVE-2023-26488 | 2023-03-03 | OpenZeppelin Contracts contains Incorrect Calculation |
| CVE-2023-0968 | 2023-03-03 | The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient... |
| CVE-2023-26492 | 2023-03-03 | Directus vulnerable to Server-Side Request Forgery On File Import |
| CVE-2023-23927 | 2023-03-03 | Craft CMS stored cross-site scripting vulnerability |
| CVE-2023-26483 | 2023-03-03 | gosaml2 vulnerable to Denial of Service via deflate decompression bomb |
| CVE-2023-27290 | 2023-03-03 | IBM Observability with Instana missing authentication |
| CVE-2023-26491 | 2023-03-03 | RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters |
| CVE-2023-26047 | 2023-03-03 | teler-waf contains detection rule bypass via entities payload |
| CVE-2023-26490 | 2023-03-03 | mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync |
| CVE-2023-23929 | 2023-03-03 | Refresh tokens do not expire in Vantage6 |
| CVE-2023-26487 | 2023-03-03 | Vega has cross-site scripting vulnerability in `lassoAppend` function |
| CVE-2023-26486 | 2023-03-03 | Vega `scale` expression function cross site scripting |
| CVE-2023-1175 | 2023-03-04 | Incorrect Calculation of Buffer Size in vim/vim |
| CVE-2023-25819 | 2023-03-04 | Discourse tags with no visibility are leaking into og:article:tag |
| CVE-2023-26481 | 2023-03-04 | Insufficient user check in FlowTokens by Email stage |
| CVE-2020-36663 | 2023-03-04 | Artesãos SEOTools OpenGraph.php makeTag redirect |
| CVE-2020-36664 | 2023-03-04 | Artesãos SEOTools SEOMeta.php setTitle redirect |
| CVE-2020-36665 | 2023-03-04 | Artesãos SEOTools TwitterCards.php eachValue redirect |
| CVE-2014-125090 | 2023-03-04 | Media Downloader Plugin getfile.php dl_file_resumable cross site scripting |