Total: 22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28154 | 1 Webpack.js | 1 Webpack | 2023-03-17 | N/A | 9.8 CRITICAL |
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. | |||||
CVE-2023-1369 | 1 Tgsoft | 2 Vir.it Explorer, Viragtlt.sys | 2023-03-17 | N/A | 5.5 MEDIUM |
A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects some unknown processing in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. | |||||
CVE-2023-24033 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2023-03-17 | N/A | 9.8 CRITICAL |
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | |||||
CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2023-03-16 | N/A | 8.8 HIGH |
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | |||||
CVE-2022-22643 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-03-16 | 5.0 MEDIUM | 7.5 HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. | |||||
CVE-2022-32877 | 1 Apple | 1 Macos | 2023-03-16 | N/A | 5.5 MEDIUM |
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data. | |||||
CVE-2023-0347 | 1 Akuvox | 2 E11, E11 Firmware | 2023-03-16 | N/A | 5.3 MEDIUM |
The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud. | |||||
CVE-2021-46876 | 1 Ibexa | 1 Ez Platform Kernel | 2023-03-16 | N/A | 5.3 MEDIUM |
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. | |||||
CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-16 | N/A | 8.8 HIGH |
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | |||||
CVE-2023-27902 | 1 Jenkins | 1 Jenkins | 2023-03-16 | N/A | 4.3 MEDIUM |
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. | |||||
CVE-2022-37939 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2023-03-16 | N/A | 5.5 MEDIUM |
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software available to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. | |||||
CVE-2023-0772 | 1 Optinmonster | 1 Optinmonster | 2023-03-16 | N/A | 6.5 MEDIUM |
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as draft, private or even password-protected ones. | |||||
CVE-2023-0749 | 1 Oceanwp | 1 Ocean Extra | 2023-03-16 | N/A | 6.5 MEDIUM |
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts, such as draft, private or even password-protected ones. | |||||
CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2023-03-16 | N/A | 7.5 HIGH |
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. | |||||
CVE-2023-0629 | 1 Docker | 1 Docker Desktop | 2023-03-16 | N/A | 7.1 HIGH |
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0. | |||||
CVE-2023-27904 | 1 Jenkins | 1 Jenkins | 2023-03-15 | N/A | 5.3 MEDIUM |
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | |||||
CVE-2023-1203 | 1 Devolutions | 1 Remote Desktop Manager | 2023-03-15 | N/A | 6.5 MEDIUM |
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | |||||
CVE-2022-43902 | 1 Ibm | 1 Mq Appliance | 2023-03-15 | N/A | 7.5 HIGH |
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. | |||||
CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2023-03-15 | N/A | 7.5 HIGH |
The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, which then allows read-only memory or files to be modified. | |||||
CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-15 | N/A | 6.8 MEDIUM |
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. |