CVE List - 2023 / March
Showing 2301 - 2400 of 2488 CVEs for March 2023 (Page 24 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-43649 | 2023-03-29 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2022-43650 | 2023-03-29 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2022-44368 | 2023-03-29 | NASM v2.16 was discovered to contain a null pointer dereference in the NASM component |
| CVE-2022-44369 | 2023-03-29 | NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c. |
| CVE-2023-0664 | 2023-03-29 | A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom... |
| CVE-2023-0836 | 2023-03-29 | An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left... |
| CVE-2023-1652 | 2023-03-29 | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it... |
| CVE-2023-1701 | 2023-03-29 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore |
| CVE-2023-1702 | 2023-03-29 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore |
| CVE-2023-1703 | 2023-03-29 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore |
| CVE-2023-1704 | 2023-03-29 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-26968 | 2023-03-29 | In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. |
| CVE-2023-26982 | 2023-03-29 | Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. |
| CVE-2023-26984 | 2023-03-29 | An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. |
| CVE-2023-27167 | 2023-03-29 | Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. |
| CVE-2023-1683 | 2023-03-29 | Xunrui CMS system_log.html information disclosure |
| CVE-2023-1684 | 2023-03-29 | HadSky unrestricted upload |
| CVE-2023-23355 | 2023-03-29 | QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR |
| CVE-2023-1685 | 2023-03-29 | HadSky Installation Interface index.php command injection |
| CVE-2023-1686 | 2023-03-29 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting |
| CVE-2023-1687 | 2023-03-29 | SourceCodester Simple Task Allocation System cross site scripting |
| CVE-2023-1688 | 2023-03-29 | SourceCodester Earnings and Expense Tracker App cross site scripting |
| CVE-2023-1689 | 2023-03-29 | SourceCodester Earnings and Expense Tracker App cross site scripting |
| CVE-2023-1509 | 2023-03-29 | The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called... |
| CVE-2023-0213 | 2023-03-29 | Local Elevation of Privilege in M-Files |
| CVE-2023-1690 | 2023-03-29 | SourceCodester Earnings and Expense Tracker App cross site scripting |
| CVE-2022-48430 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. |
| CVE-2022-48431 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. |
| CVE-2022-48432 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. |
| CVE-2022-48433 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. |
| CVE-2022-38077 | 2023-03-29 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28158 | 2023-03-29 | Apache Archiva privilege escalation |
| CVE-2022-47433 | 2023-03-29 | WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47438 | 2023-03-29 | WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47444 | 2023-03-29 | WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23861 | 2023-03-29 | WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-1663 | 2023-03-29 | Authenticated Resources Accessible via Forced Browsing |
| CVE-2023-1680 | 2023-03-29 | Xunrui CMS main.html information disclosure |
| CVE-2023-1575 | 2023-03-29 | The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input... |
| CVE-2022-47596 | 2023-03-29 | WordPress Media Library Categories Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26290 | 2023-03-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web... |
| CVE-2023-26291 | 2023-03-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web... |
| CVE-2023-26292 | 2023-03-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web... |
| CVE-2023-1550 | 2023-03-29 | NGINX Agent vulnerability CVE-2023-1550 |
| CVE-2023-28642 | 2023-03-29 | AppArmor bypass with symlinked /proc in runc |
| CVE-2023-25809 | 2023-03-29 | rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc |
| CVE-2023-27489 | 2023-03-29 | Stored cross site scripting via SVG file upload in Kiwi TCMS |
| CVE-2022-45355 | 2023-03-29 | WordPress WP Pipes Plugin <= 1.33 is vulnerable to SQL Injection (SQLi) |
| CVE-2022-47613 | 2023-03-29 | WordPress AI ChatBot Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47610 | 2023-03-29 | WordPress Simple Image Popup Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47607 | 2023-03-29 | WordPress Usersnap Plugin <= 4.16 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47603 | 2023-03-29 | WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-47602 | 2023-03-29 | WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-22705 | 2023-03-29 | WordPress Welcart e-Commerce Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28501 | 2023-03-29 | Heap buffer overflow in unirpcd |
| CVE-2023-1656 | 2023-03-29 | When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection. |
| CVE-2023-28502 | 2023-03-29 | Stack buffer overflow in UniRPC's udadmin_server service |
| CVE-2023-28503 | 2023-03-29 | Authentication bypass in UniRPC's udadmin service |
| CVE-2023-28504 | 2023-03-29 | Stack buffer overflow in UniRPC library function |
| CVE-2023-28505 | 2023-03-29 | Buffer overflow in UniRPC library function |
| CVE-2023-28506 | 2023-03-29 | Stack buffer overflow in UniRPC service |
| CVE-2023-28507 | 2023-03-29 | Memory exhaustion in LZ4 decompression in UniRPC daemon |
| CVE-2023-28508 | 2023-03-29 | Heap corruption in UniRPC service |
| CVE-2023-28509 | 2023-03-29 | Weak encryption in UniRPC protocol |
| CVE-2023-27533 | 2023-03-30 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on maliciously crafted user name and "telnet options" during... |
| CVE-2023-27537 | 2023-03-30 | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads but there... |
| CVE-2022-30350 | 2023-03-30 | Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and... |
| CVE-2022-30351 | 2023-03-30 | PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases,... |
| CVE-2022-4744 | 2023-03-30 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows... |
| CVE-2022-47542 | 2023-03-30 | Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. |
| CVE-2023-1393 | 2023-03-30 | A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver... |
| CVE-2023-1670 | 2023-03-30 | A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate... |
| CVE-2023-1712 | 2023-03-30 | Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack |
| CVE-2023-26692 | 2023-03-30 | ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-27534 | 2023-03-30 | A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in... |
| CVE-2023-27535 | 2023-03-30 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept... |
| CVE-2023-27536 | 2023-03-30 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes... |
| CVE-2023-27538 | 2023-03-30 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have... |
| CVE-2023-28462 | 2023-03-30 | A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used,... |
| CVE-2023-29059 | 2023-03-30 | 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped... |
| CVE-2023-25000 | 2023-03-30 | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations |
| CVE-2023-0665 | 2023-03-30 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata |
| CVE-2023-0620 | 2023-03-30 | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend |
| CVE-2023-26117 | 2023-03-30 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting... |
| CVE-2023-26118 | 2023-03-30 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `<input type="url">` element due to the usage of an insecure regular expression... |
| CVE-2023-26116 | 2023-03-30 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression.... |
| CVE-2023-1013 | 2023-03-30 | XSS in Vira-Investing |
| CVE-2023-1014 | 2023-03-30 | Information disclosure in Vira-Investing |
| CVE-2023-28935 | 2023-03-30 | Apache UIMA DUCC: DUCC (EOL) allows RCE |
| CVE-2023-1699 | 2023-03-30 | Rapid7 Nexpose Forced Browsing |
| CVE-2023-23670 | 2023-03-30 | WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23675 | 2023-03-30 | WordPress WP Smart Preloader Plugin <= 1.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23677 | 2023-03-30 | WordPress GTmetrix for WordPress Plugin <= 0.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23681 | 2023-03-30 | WordPress Image Hover Effects For WPBakery Page Builder Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25040 | 2023-03-30 | WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24399 | 2023-03-30 | WordPress Ocean Extra Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28731 | 2023-03-30 | Unauthenticated RCE affecting the AcyMailing plugin for Joomla |
| CVE-2023-28732 | 2023-03-30 | Missing access control affecting the AcyMailing plugin for Joomla |
| CVE-2023-28733 | 2023-03-30 | Stored XSS affecting the AcyMailing plugin for Joomla |
| CVE-2023-1725 | 2023-03-30 | SSRF in Infoline Project Management System |