CVE List - 2023 / March
Showing 401 - 500 of 2488 CVEs for March 2023 (Page 5 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-47458 | 2023-03-07 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-47459 | 2023-03-07 | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| CVE-2022-22075 | 2023-03-07 | Information Exposure in Graphics |
| CVE-2022-25655 | 2023-03-07 | Buffer copy without checking the size of input in WLAN HAL. |
| CVE-2022-25694 | 2023-03-07 | Use of Out-of-range Pointer Offset in MODEM |
| CVE-2022-25705 | 2023-03-07 | Integer Overflow to Buffer Overflow in Modem |
| CVE-2022-25709 | 2023-03-07 | Use of Out-of-range Pointer Offset in Data Modem |
| CVE-2022-33213 | 2023-03-07 | Memory Corruption in MODEM |
| CVE-2022-33242 | 2023-03-07 | Improper authentication in Qualcomm IPC |
| CVE-2022-33244 | 2023-03-07 | Reachable assertion in Modem |
| CVE-2022-33245 | 2023-03-07 | Use after free in WLAN |
| CVE-2022-33250 | 2023-03-07 | Reachable assertion in Modem |
| CVE-2022-33254 | 2023-03-07 | Reachable assertion in Modem |
| CVE-2022-33256 | 2023-03-07 | Improper validation of array index in Multi-mode call processor |
| CVE-2022-33257 | 2023-03-07 | Time-of-check time-of-use race condition in Core |
| CVE-2022-33260 | 2023-03-07 | Stack based buffer overflow in Core |
| CVE-2022-33272 | 2023-03-07 | Reachable assertion in Modem |
| CVE-2022-33278 | 2023-03-07 | Buffer copy without checking the size of input in HLOS |
| CVE-2022-33309 | 2023-03-07 | Buffer over-read in WLAN Firmware. |
| CVE-2022-40515 | 2023-03-07 | Double free in Video |
| CVE-2022-40527 | 2023-03-07 | Reachable Assertion in WLAN Embedded SW |
| CVE-2022-40530 | 2023-03-07 | Integer overflow to buffer overflow in WLAN |
| CVE-2022-40531 | 2023-03-07 | Incorrect type conversion in WLAN |
| CVE-2022-40535 | 2023-03-07 | Buffer Over-read in WLAN |
| CVE-2022-40537 | 2023-03-07 | Improper Validation of Array Index in Bluetooth HOST |
| CVE-2022-40539 | 2023-03-07 | Improper Validation of Array Index in Automotive Android OS |
| CVE-2022-40540 | 2023-03-07 | Buffer copy without checking the size of input in Linux Kernel |
| CVE-2022-3760 | 2023-03-07 | SQLi in Mia-Med |
| CVE-2021-44196 | 2023-03-07 | XSS in UBIT Information Technologies Student Information Management System |
| CVE-2021-44197 | 2023-03-07 | XSS in UBIT Information Technologies Student Information Management System |
| CVE-2020-36667 | 2023-03-07 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of... |
| CVE-2020-36668 | 2023-03-07 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper... |
| CVE-2020-36669 | 2023-03-07 | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce... |
| CVE-2021-4330 | 2023-03-07 | The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip... |
| CVE-2021-4331 | 2023-03-07 | The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form... |
| CVE-2021-4332 | 2023-03-07 | The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature... |
| CVE-2015-10087 | 2023-03-07 | UpThemes Theme DesignFolio Plus unrestricted upload |
| CVE-2022-4931 | 2023-03-07 | The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on... |
| CVE-2022-4932 | 2023-03-07 | The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers... |
| CVE-2021-4333 | 2023-03-07 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-1253 | 2023-03-07 | SourceCodester Health Center Patient Record Management System login.php sql injection |
| CVE-2023-1254 | 2023-03-07 | SourceCodester Health Center Patient Record Management System birthing_print.php cross site scripting |
| CVE-2023-25690 | 2023-03-07 | Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy |
| CVE-2023-27522 | 2023-03-07 | Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting |
| CVE-2020-36670 | 2023-03-07 | The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions.... |
| CVE-2023-25605 | 2023-03-07 | An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. |
| CVE-2023-25611 | 2023-03-07 | An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized... |
| CVE-2022-39951 | 2023-03-07 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions... |
| CVE-2022-39953 | 2023-03-07 | An improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC... |
| CVE-2022-41333 | 2023-03-07 | An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted... |
| CVE-2023-23776 | 2023-03-07 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker... |
| CVE-2022-22297 | 2023-03-07 | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb... |
| CVE-2022-41328 | 2023-03-07 | An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged... |
| CVE-2022-40676 | 2023-03-07 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through... |
| CVE-2022-27490 | 2023-03-07 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x,... |
| CVE-2022-45861 | 2023-03-07 | An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0... |
| CVE-2022-42476 | 2023-03-07 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged... |
| CVE-2022-41329 | 2023-03-07 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through... |
| CVE-2023-1257 | 2023-03-07 | CVE-2023-1257 |
| CVE-2023-27475 | 2023-03-07 | Goutil vulnerable to path traversal when unzipping files |
| CVE-2023-27478 | 2023-03-07 | Disclosure of unrelated data in libmemcached-awesome |
| CVE-2023-27479 | 2023-03-07 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui |
| CVE-2023-27480 | 2023-03-07 | Data leak through a XAR import XXE attack in xwiki-platform-xar-model |
| CVE-2023-27481 | 2023-03-07 | Extract password hashes through export querying in directus |
| CVE-2023-27485 | 2023-03-07 | Insufficient verification of authorisation when accessing subresults in thmmniii/fbs-core |
| CVE-2023-1263 | 2023-03-07 | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated... |
| CVE-2023-1213 | 2023-03-07 | Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1214 | 2023-03-07 | Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1215 | 2023-03-07 | Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1216 | 2023-03-07 | Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap... |
| CVE-2023-1217 | 2023-03-07 | Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from... |
| CVE-2023-1218 | 2023-03-07 | Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-1219 | 2023-03-07 | Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-1220 | 2023-03-07 | Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2023-1221 | 2023-03-07 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a... |
| CVE-2023-1222 | 2023-03-07 | Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1223 | 2023-03-07 | Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1224 | 2023-03-07 | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1225 | 2023-03-07 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1226 | 2023-03-07 | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity:... |
| CVE-2023-1227 | 2023-03-07 | Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit... |
| CVE-2023-1228 | 2023-03-07 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1229 | 2023-03-07 | Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2023-1230 | 2023-03-07 | Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of... |
| CVE-2023-1231 | 2023-03-07 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium... |
| CVE-2023-1232 | 2023-03-07 | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security... |
| CVE-2023-1233 | 2023-03-07 | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from... |
| CVE-2023-1234 | 2023-03-07 | Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-1235 | 2023-03-07 | Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction.... |
| CVE-2023-1236 | 2023-03-07 | Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-25143 | 2023-03-07 | An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. |
| CVE-2023-25144 | 2023-03-07 | An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. |
| CVE-2023-25145 | 2023-03-07 | A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must... |
| CVE-2023-25146 | 2023-03-07 | A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a... |
| CVE-2023-25147 | 2023-03-07 | An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically... |
| CVE-2023-25148 | 2023-03-07 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege... |
| CVE-2023-27476 | 2023-03-07 | XML External Entity (XXE) Injection in OWSLib |
| CVE-2018-25081 | 2023-03-08 | Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on... |
| CVE-2023-1270 | 2023-03-08 | Cross-site Scripting in btcpayserver/btcpayserver |
| CVE-2023-25395 | 2023-03-08 | TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. |